CVE-2014-4162

Name of the Vulnerable Software and Affected Versions Zyxel P-660HW-T1 version v3

Description The issue affects the Zyxel P-660HW-T1 wireless router, where multiple cross-site request forgery (CSRF) vulnerabilities exist. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests. The requests in question are those that change the wifi password or the SSID, which can be executed via a request to "Forms/WLAN General 1".

Recommendations For Zyxel P-660HW-T1 version v3, consider disabling access to the "Forms/WLAN General 1" endpoint until a patch is available to prevent exploitation of the CSRF vulnerabilities. Restrict access to the wifi password and SSID change functionalities to minimize the risk of unauthorized changes.