Details of VAR-201403-0578

ID

VAR-201403-0578

TITLE

ZyXEL P-660HN-T1A Authentication Bypass Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2014-02095 // BID: 66170 // CNNVD: CNNVD-201403-567

DESCRIPTION

ZyXEL P-660HN-T1A is a wireless router product of ZyXEL technology company. An authentication bypass vulnerability exists in ZyXEL P-660HN-T1A. Attackers can use this vulnerability to bypass the authentication mechanism and perform unauthorized operations, which can help launch further attacks. Vulnerabilities in ZyXEL P-660HN-T1A version 3.40, other versions may also be affected. ZyXEL P-660HN-T1A is prone to an authentication-bypass vulnerability. This may aid in further attacks

Trust: 1.35

sources: CNVD: CNVD-2014-02095 // CNNVD: CNNVD-201403-567 // BID: 66170

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-02095

AFFECTED PRODUCTS

vendor:	zyxel	model:	p-660hn-t1a 3.40	scope:	-	version:	-	Trust: 0.6
vendor:	zyxel	model:	p-660hn-t1a	scope:	eq	version:	3.40	Trust: 0.3

sources: CNVD: CNVD-2014-02095 // BID: 66170

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-02095
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2014-02095
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-02095

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-567

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201403-567

EXTERNAL IDS

db:	BID	id:	66170	Trust: 1.5
db:	EXPLOITDB	id:	32204	Trust: 0.6
db:	EXPLOIT-DB	id:	32204	Trust: 0.6
db:	OSVDB	id:	104423	Trust: 0.6
db:	CNVD	id:	CNVD-2014-02095	Trust: 0.6
db:	CNNVD	id:	CNNVD-201403-567	Trust: 0.6

sources: CNVD: CNVD-2014-02095 // BID: 66170 // CNNVD: CNNVD-201403-567

REFERENCES

url:	http://osvdb.com/show/osvdb/104423	Trust: 0.6
url:	http://www.exploit-db.com/exploits/32204/	Trust: 0.6
url:	http://www.securityfocus.com/bid/66170	Trust: 0.6
url:	http://www.zyxel.com/products_services/p_660hn_txa_series.shtml?t=p	Trust: 0.3

sources: CNVD: CNVD-2014-02095 // BID: 66170 // CNNVD: CNNVD-201403-567

CREDITS

Michael Grifalconi

Trust: 0.9

sources: BID: 66170 // CNNVD: CNNVD-201403-567

SOURCES

db:	CNVD	id:	CNVD-2014-02095
db:	BID	id:	66170
db:	CNNVD	id:	CNNVD-201403-567

LAST UPDATE DATE

2022-05-17T01:51:10.487000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02095	date:	2014-04-03T00:00:00
db:	BID	id:	66170	date:	2014-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201403-567	date:	2014-04-01T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-02095	date:	2014-04-03T00:00:00
db:	BID	id:	66170	date:	2014-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201403-567	date:	2014-03-12T00:00:00