PT-2008-3087 · Zyxel · Zyxel Prestige

Published: 2008-03-26 · Updated: 2018-10-11 · CVE-2008-1528

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ZyXEL Prestige routers, including P-660, P-661, and P-662 models, versions 3.40(AGD.2) through 3.40(AHQ.3)

Description

The issue allows remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source of the response. This can be demonstrated by requesting (1) "RemMagSNMP.html", which discloses SNMP communities, or (2) "WLAN.html", which discloses WEP keys.

Recommendations

For versions 3.40(AGD.2) through 3.40(AHQ.3), consider restricting access to the affected HTTP endpoints, such as "RemMagSNMP.html" and "WLAN.html", until a patch is available. As a temporary workaround, this limits the disclosure of sensitive information such as SNMP communities and WEP keys.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2008-1528

Affected Products

Zyxel Prestige