
CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. ZyXEL P-660HW suffers from a UDP fragmentation denial of service vulnerability.
• http://packetstormsecurity.com/files/145863/ZyXEL-P-660HW-UDP-Denial-Of-Service.html

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. ZyXEL P-660HW version 3 suffers from a TTL expiry denial of service vulnerability.
• http://packetstormsecurity.com/files/145548/ZyXEL-P-660HW-TTL-Expiry-Denial-Of-Service.html https://www.zyxel.com/support/announcement_denial_of_service.shtml
• CWE-400: Uncontrolled Resource Consumption

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.
• http://www.securitytracker.com/id/1034552 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 1% | CPEs: 4 | EXPL: 0

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.
• http://www.securitytracker.com/id/1034552 http://www.securitytracker.com/id/1034553 http://www.securitytracker.com/id/1034554 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R
• CWE-255: Credentials Management Errors

CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 2

Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.
• https://www.exploit-db.com/exploits/33518 http://osvdb.org/show/osvdb/107449 http://packetstormsecurity.com/files/126812/Zyxel-P-660HW-T1-Cross-Site-Request-Forgery.html http://secunia.com/advisories/58513 http://www.exploit-db.com/exploits/33518
• CWE-352: Cross-Site Request Forgery (CSRF)