Platform2018-08-08T15:57:40+00:00

ZyXEL P-660R-61 Router

Platform Information https://www.cnet.com/products/zyxel-prestige-660r-61c-router-dsl-desktop-series/
Search Engine Search on Google
End of Sales Yes (2011-06-30) more info
End of Support Yes (2011-06-30) more info
Wired Connection Yes
Wireless Connection -
Fingerprinting Source HTTP NIC VENDOR
Added at 2019-01-08
Manufacturer Name Zyxel Communications Corp
Homepage https://www.zyxel.com/index.shtml
Headquarters Taiwan
Business Status Ongoing
Acquisition Company Siemens AG
Acquisition Company Homepage http://www.siemens.com

Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
No records found.
Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2018-9149
04/01/2018
CRITICAL
HIGH
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor.
CVE-2018-1164
02/21/2018
CRITICAL
HIGH
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.
CVE-2018-5330
01/16/2018
HIGH
HIGH
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.
CVE-2017-17901
12/29/2017
HIGH
HIGH
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
CVE-2017-15226
10/10/2017
CRITICAL
HIGH
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.