ID

VAR-201406-0493


TITLE

Multiple vulnerabilities in ZyXEL P660RT2 EE

Trust: 0.6

sources: CNVD: CNVD-2014-03917

DESCRIPTION

ZyXEL P660RT2 EE is an ADSL router product from ZyXEL. ZyXEL P660RT2 EE contains security bypass and cross-site scripting vulnerabilities. Attackers can use these vulnerabilities to bypass security restrictions, gain access to affected devices, or execute arbitrary HTML and script code in the context of the affected site to steal cookie-based authentication credentials. ZyXEL P660RT2 EE version 3.40 (AXN.1) is vulnerable; other versions may also be affected. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Note: This issue was previously titled 'ZyXEL P660RT2 EE Brute Force Authentication Bypass and Cross Site Scripting Vulnerabilities'. The title and short summary have been changed to better reflect the underlying component affected.

Trust: 1.35

sources: CNVD: CNVD-2014-03917 // CNNVD: CNNVD-201406-668 // BID: 68135

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-03917

AFFECTED PRODUCTS

vendor: zyxel, model: p660rt2 ee, scope: eq, version: 3.40

Trust: 0.9

sources: CNVD: CNVD-2014-03917 // BID: 68135

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-03917
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-03917
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-03917

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-668

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 68135

EXTERNAL IDS

db: BID, id: 68135

Trust: 1.5

db: CNVD, id: CNVD-2014-03917

Trust: 0.6

db: CNNVD, id: CNNVD-201406-668

Trust: 0.6

sources: CNVD: CNVD-2014-03917 // BID: 68135 // CNNVD: CNNVD-201406-668

REFERENCES

url:http://www.securityfocus.com/bid/68135

Trust: 1.2

url:http://seclists.org/fulldisclosure/2014/jun/103

Trust: 0.3

url:http://www.zyxel.com/web/product_category.php?pc1indexflag=20040812093058

Trust: 0.3

sources: CNVD: CNVD-2014-03917 // BID: 68135 // CNNVD: CNNVD-201406-668

CREDITS

MustLive

Trust: 0.9

sources: BID: 68135 // CNNVD: CNNVD-201406-668

SOURCES

db: CNVD, id: CNVD-2014-03917
db: BID, id: 68135
db: CNNVD, id: CNNVD-201406-668

LAST UPDATE DATE

2022-05-17T01:45:22.135000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-03917, date: 2014-06-27T00:00:00
db: BID, id: 68135, date: 2014-06-22T00:00:00
db: CNNVD, id: CNNVD-201406-668, date: 2014-07-02T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-03917, date: 2014-06-27T00:00:00
db: BID, id: 68135, date: 2014-06-22T00:00:00
db: CNNVD, id: CNNVD-201406-668, date: 2014-06-22T00:00:00