PT-2008-3082 · Zyxel · Zyxel Prestige

Published: 2008-03-26 · Updated: 2018-10-11 · CVE-2008-1523

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ZyXEL Prestige routers, including P-660, P-661, and P-662 models, versions 3.40(AGD.2) through 3.40(AHQ.3)

Description

The issue allows remote authenticated users to obtain sensitive information, including ISP and Dynamic DNS credentials, by sending direct requests for specific HTML pages, such as WAN.html, wzPPPOE.html, and rpDyDNS.html, and then reading the HTML source. This could potentially lead to unauthorized access to the network.

Recommendations

For versions 3.40(AGD.2) through 3.40(AHQ.3), consider restricting access to the WAN.html, wzPPPOE.html, and rpDyDNS.html pages until a patch is available. Additionally, limit remote authenticated user privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2008-1523

Affected Products

Zyxel Prestige