CVE-2008-1526 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2008-1526?

CVE-2008-1526 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-1526?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel P-663Hn-51 Firmware, Zyxel P-663Hn-51, Zyxel P-660H-61 Firmware, Zyxel P-660H-61, Zyxel P-660H-63 Firmware.

Vulnerability Description

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Zyxel	P-663Hn-51 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-663Hn-51	-
Zyxel	P-660H-61 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-660H-61	-
Zyxel	P-660H-63 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-660H-63	-
Zyxel	P-660H-67 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-660H-67	-
Zyxel	P-660H-D1 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-660H-D1	-
Zyxel	P-660H-D3 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-660H-D3	-
Zyxel	P-660Hn-51 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-660Hn-51	-
Zyxel	P-660H-T1 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-660H-T1	-
Zyxel	P-660Hw D1 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-660Hw D1	-
Zyxel	P-660Hw D3 Firmware	>= 3.40\(agd.2\), <= 3.40\(ahq.3\)
Zyxel	P-660Hw D3	-

Related Weaknesses (CWE)

CWE-916

References

http://www.gnucitizen.org/projects/router-hacking-challenge/Broken Link
http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdfBroken Link
http://www.securityfocus.com/archive/1/489009/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.gnucitizen.org/projects/router-hacking-challenge/Broken Link
http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdfBroken Link
http://www.securityfocus.com/archive/1/489009/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2008-1526?

CVE-2008-1526 is a vulnerability with a CVSS score of 7.5 (HIGH). ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it ea...

How severe is CVE-2008-1526?

CVE-2008-1526 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1526?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel P-663Hn-51 Firmware, Zyxel P-663Hn-51, Zyxel P-660H-61 Firmware, Zyxel P-660H-61, Zyxel P-660H-63 Firmware.