CVE-2008-1524

Name of the Vulnerable Software and Affected Versions ZyXEL Prestige routers, including P-660 and P-661 models, versions 3.40(AGD.2) through 3.40(AHQ.3)

Description The issue concerns the default community string for SNMP services. The default string is set to "public" for both read and write operations, allowing remote attackers to perform administrative actions. This can be exploited to read sensitive information, such as the Dynamic DNS service password, or to insert malicious code, like an XSS sequence, into the system.sysName.0 variable, which is then displayed on the System Status page.

Recommendations For versions 3.40(AGD.2) through 3.40(AHQ.3), change the default community string for SNMP services to a secure, non-default value to prevent unauthorized access. Consider restricting access to SNMP services until the issue is fully resolved.