CVE-2018-5330 – ZyXEL P-660HW UDP Denial Of Service
https://notcve.org/view.php?id=CVE-2018-5330
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. ZyXEL P-660HW suffers from a UDP fragmentation denial of service vulnerability. • http://packetstormsecurity.com/files/145863/ZyXEL-P-660HW-UDP-Denial-Of-Service.html
CVE-2017-17901 – ZyXEL P-660HW TTL Expiry Denial Of Service
https://notcve.org/view.php?id=CVE-2017-17901
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. ZyXEL P-660HW version 3 suffers from a TTL expiry denial of service vulnerability. • http://packetstormsecurity.com/files/145548/ZyXEL-P-660HW-TTL-Expiry-Denial-Of-Service.html https://www.zyxel.com/support/announcement_denial_of_service.shtml • CWE-400: Uncontrolled Resource Consumption
CVE-2015-6017
https://notcve.org/view.php?id=CVE-2015-6017
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. • http://www.securitytracker.com/id/1034552 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6016
https://notcve.org/view.php?id=CVE-2015-6016
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. • http://www.securitytracker.com/id/1034552 http://www.securitytracker.com/id/1034553 http://www.securitytracker.com/id/1034554 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R • CWE-255: Credentials Management Errors
CVE-2008-1526
https://notcve.org/view.php?id=CVE-2008-1526
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. • http://www.gnucitizen.org/projects/router-hacking-challenge http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf http://www.securityfocus.com/archive/1/489009/100/0/threaded • CWE-916: Use of Password Hash With Insufficient Computational Effort