Vulnerabilities > Zyxel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-03-25 | CVE-2008-1160 | Use of Hard-coded Credentials vulnerability in Zyxel Zywall 1050 Firmware ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | 9.8 |
| 2008-03-10 | CVE-2008-1261 | Remote Security vulnerability in Zyxel P-2602Hw-D1A 3.40(Ajz.1) The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI. | 5.0 |
| 2008-03-10 | CVE-2008-1260 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-2602Hw-D1A Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1. | 4.3 |
| 2008-03-10 | CVE-2008-1259 | Improper Authentication vulnerability in Zyxel P-2602Hw-D1A The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes. | 9.3 |
| 2008-03-10 | CVE-2008-1257 | Cross-Site Scripting vulnerability in Zyxel products Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter. | 4.3 |
| 2008-03-10 | CVE-2008-1256 | Remote Security vulnerability in P-660Hw The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access. | 10.0 |
| 2008-03-10 | CVE-2008-1255 | Permissions, Privileges, and Access Controls vulnerability in Zyxel P-660Hw The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user. | 10.0 |
| 2008-03-10 | CVE-2008-1254 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-660Hw Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. | 6.8 |
| 2007-08-13 | CVE-2007-4319 | Remote vulnerability in Zyxel Zynos and Zywall 2 The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. | 4.0 |
| 2007-08-13 | CVE-2007-4318 | Cross-Site Scripting vulnerability in Zyxel Zynos and Zywall 2 Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. network zyxel | 4.3 |