CVE-2008-1526

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
zyxelp-663hn-51_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-663hn-51_firmware
3.40\(pe9\)
zyxelp-660h-61_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660h-61_firmware
3.40\(pe9\)
zyxelp-660h-63_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660h-63_firmware
3.40\(pe9\)
zyxelp-660h-67_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660h-67_firmware
3.40\(pe9\)
zyxelp-660h-d1_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660h-d1_firmware
3.40\(pe9\)
zyxelp-660h-d3_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660h-d3_firmware
3.40\(pe9\)
zyxelp-660hn-51_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660hn-51_firmware
3.40\(pe9\)
zyxelp-660h-t1_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660h-t1_firmware
3.40\(pe9\)
zyxelp-660hw_d1_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660hw_d1_firmware
3.40\(pe9\)
zyxelp-660hw_d3_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660hw_d3_firmware
3.40\(pe9\)
zyxelp-660hw_t3_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-660hw_t3_firmware
3.40\(pe9\)
zyxelp-661hnu-f1_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-661hnu-f1_firmware
3.40\(pe9\)
zyxelp-661h_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-661h_firmware
3.40\(pe9\)
zyxelp-661hw-d1_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-661hw-d1_firmware
3.40\(pe9\)
zyxelp-661hnu-f3_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-661hnu-f3_firmware
3.40\(pe9\)
zyxelp-662hw-d3_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-662hw-d3_firmware
3.40\(pe9\)
zyxelp-662hw-d_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-662hw-d_firmware
3.40\(pe9\)
zyxelp-662hw-d1_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-662hw-d1_firmware
3.40\(pe9\)
zyxelp-662h-61_firmware
3.40\(agd.2\) ≤
𝑥
≤ 3.40\(ahq.3\)
zyxelp-662h-61_firmware
3.40\(pe9\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.gnucitizen.org/projects/router-hacking-challenge/
http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
http://www.securityfocus.com/archive/1/489009/100/0/threaded
http://www.gnucitizen.org/projects/router-hacking-challenge/
http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
http://www.securityfocus.com/archive/1/489009/100/0/threaded