PT-2019-18285 · Zyxel · Zyxel P-660Hn-T1 V2
Onur Onur · Published 2019-05-31 · Updated 2019-06-03 · CVE-2019-6725
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ZyXEL P-660HN-T1 V2 version 2.00(AAKK.3)
Description
The rpWLANRedirect.asp page can be accessed without authentication. The admin user's password is exposed in the page's HTML source code, so an attacker who views the source can obtain the password and then access the modem's interface with admin privileges.
Recommendations
For ZyXEL P-660HN-T1 V2 version 2.00(AAKK.3), consider restricting access to the rpWLANRedirect.asp page until a fix is available, and change the admin password as a precautionary measure.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Zyxel P-660Hn-T1 V2