CVE-2008-1526

high-risk

Published 2008-03-26

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.

Do I need to act?

0.19% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

P-660H-61 Firmware

P-660H-63 Firmware

P-660H-D1 Firmware

P-660H-D3 Firmware

P-660Hn-51 Firmware

P-660H-T1 Firmware

P-660Hw D1 Firmware

P-660Hw T3 Firmware

P-661Hnu-F1 Firmware

P-661H Firmware

P-661Hw-D1 Firmware

P-661Hnu-F3 Firmware

P-662Hw-D3 Firmware

P-662Hw-D Firmware

Affected Vendors

Zyxel

References (6)

Broken Link http://www.gnucitizen.org/projects/router-hacking-challenge/

Broken Link http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf

Broken Link http://www.securityfocus.com/archive/1/489009/100/0/threaded

Broken Link http://www.gnucitizen.org/projects/router-hacking-challenge/

Broken Link http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf

Broken Link http://www.securityfocus.com/archive/1/489009/100/0/threaded

/ 100

high-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 24/34 · High