CVE-2018-1164

Name of the Vulnerable Software and Affected Versions ZyXEL P-870H-51 DSL Router version 1.00(AWG.3)D5

Description This issue allows remote attackers to cause a denial-of-service condition on vulnerable installations. Authentication is not required to exploit this issue. The specific flaw exists within numerous exposed CGI endpoints, such as /api/v1/login or /users/{id}, due to improper access controls that allow access to critical functions without authentication. An attacker can use this issue to reboot affected devices, along with other actions.

Recommendations For ZyXEL P-870H-51 DSL Router version 1.00(AWG.3)D5, consider restricting access to critical functions and CGI endpoints to minimize the risk of exploitation. As a temporary workaround, consider disabling access to vulnerable CGI endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.