CVE-2008-1527

Name of the Vulnerable Software and Affected Versions ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and versions 3.40(AGD.2) through 3.40(AHQ.3)

Description The issue allows remote attackers to obtain access via a replay attack, exploiting the authentication over HTTP via a hash string in the hiddenPassword field.

Recommendations For firmware versions 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), consider disabling the authentication over HTTP to minimize the risk of exploitation. Restrict access to the hiddenPassword field in the HTTP authentication process until a patch is available.