PT-2019-18285 · Zyxel · Zyxel P-660Hn-T1 V2
Onur Onur
Published 2019-05-31 · Updated 2019-06-03
CVE-2019-6725
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ZyXEL P-660HN-T1 V2 version 2.00(AAKK.3)
Description
The rpWLANRedirect.asp ASP page can be accessed without authentication. By viewing the page's HTML source code, an attacker can obtain the admin user's password and then access the modem's interface with admin privileges.
Recommendations
For ZyXEL P-660HN-T1 V2 version 2.00(AAKK.3), consider restricting access to the rpWLANRedirect.asp page until a fix is available, and change the admin password as a precautionary measure.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Zyxel P-660Hn-T1 V2