ID
VAR-E-201406-0365
TITLE
ZyXEL P660RT2 EE Security Bypass and Cross Site Scripting Vulnerabilities
Trust: 0.3
DESCRIPTION
ZyXEL P660RT2 EE is prone to a security-bypass and a cross-site scripting vulnerability.
An attacker may leverage these issues to bypass the security restrictions and gain unauthorized access to the affected device or to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Note: This issue was previously titled 'ZyXEL P660RT2 EE Brute Force Authentication Bypass and Cross Site Scripting Vulnerabilities'. The title and short summary have been changed to better reflect the underlying component affected.
ZyXEL P660RT2 EE 3.40 (AXN.1) is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | zyxel | model: | p660rt2 ee | scope: | eq | version: | 3.40 | Trust: 0.3 |
EXPLOIT
An attacker can exploit these issues through readily available tools and a browser.
To exploit the cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URL.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
MustLive
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 68135 | Trust: 0.3 |
REFERENCES
url: | http://seclists.org/fulldisclosure/2014/jun/103 | Trust: 0.3 |
url: | http://www.zyxel.com/web/product_category.php?pc1indexflag=20040812093058 | Trust: 0.3 |
SOURCES
db: | BID | id: | 68135 |
LAST UPDATE DATE
2022-07-27T09:58:45.074000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 68135 | date: | 2014-06-22T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 68135 | date: | 2014-06-22T00:00:00 |