CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 2CVE-2014-4162 – ZYXEL P-660HW-T1 3 Wireless Router - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-4162
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1. Múltiples vulnerabilidades de CSRF en el router inalámbrico Zyxel P-660HW-T1 (v3) permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que cambian (1) la contraseña de wifi o (2) SSID a través de una solicitud a Forms/WLAN_General_1. • https://www.exploit-db.com/exploits/33518 http://osvdb.org/show/osvdb/107449 http://packetstormsecurity.com/files/126812/Zyxel-P-660HW-T1-Cross-Site-Request-Forgery.html http://secunia.com/advisories/58513 http://www.exploit-db.com/exploits/33518 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2013-3588
https://notcve.org/view.php?id=CVE-2013-3588
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. La interfaz de gestión web en dispositivos Zyxel P660 permite a atacantes remotos causar una denegación de servicio (reinicio) a través de una inundación de paquetes TCP SYN. • http://www.kb.cert.org/vuls/id/893726 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-1257
https://notcve.org/view.php?id=CVE-2008-1257
Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter. vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Forms/DiagGeneral_2 del router ZyXEL P-660HW series permite a atacantes remotos inyectar web script o HTML de su elección a través del parámetro PingIPAddr. • http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41109 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •