Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2008-1246 | 6.8 | The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after era | 07-08-2024 - 09:15 | 10-03-2008 - 17:44 | |
CVE-2008-1526 | 5.0 | ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. | 14-02-2024 - 16:54 | 26-03-2008 - 10:44 | |
CVE-2008-1266 | 7.8 | Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name an | 26-04-2023 - 18:55 | 10-03-2008 - 17:44 | |
CVE-2006-3561 | 5.0 | BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfi | 18-10-2018 - 16:47 | 13-07-2006 - 01:05 | |
CVE-2006-2901 | 5.0 | The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwor | 18-10-2018 - 16:43 | 07-06-2006 - 21:06 | |
CVE-2006-2337 | 5.0 | Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | 18-10-2018 - 16:39 | 12-05-2006 - 00:02 | |
CVE-2007-6709 | 7.5 | The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | 15-10-2018 - 21:56 | 13-03-2008 - 18:44 | |
CVE-2007-6708 | 4.3 | Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an adminis | 15-10-2018 - 21:56 | 13-03-2008 - 18:44 | |
CVE-2007-6707 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than C | 15-10-2018 - 21:56 | 13-03-2008 - 18:44 | |
CVE-2007-5383 | 10.0 | The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the | 15-10-2018 - 21:44 | 12-10-2007 - 01:17 | |
CVE-2007-4915 | 10.0 | The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password st | 15-10-2018 - 21:38 | 17-09-2007 - 17:17 | |
CVE-2007-3574 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_g | 15-10-2018 - 21:29 | 05-07-2007 - 20:30 | |
CVE-2008-1528 | 4.0 | ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonst | 11-10-2018 - 20:35 | 26-03-2008 - 10:44 | |
CVE-2008-1524 | 7.5 | The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has "public" as its default community for both (1) read and (2) write operations, which allows remote attackers to perform adm | 11-10-2018 - 20:35 | 26-03-2008 - 10:44 | |
CVE-2008-1525 | 5.0 | The default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP addr | 11-10-2018 - 20:35 | 26-03-2008 - 10:44 | |
CVE-2008-1529 | 5.0 | ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods. | 11-10-2018 - 20:35 | 26-03-2008 - 10:44 | |
CVE-2008-1527 | 7.5 | ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain acce | 11-10-2018 - 20:35 | 26-03-2008 - 10:44 | |
CVE-2008-1523 | 5.0 | ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain ISP and Dynamic DNS credentials by sending a direct request for (1) WAN.html, (2) wzPPPOE.html, | 11-10-2018 - 20:35 | 26-03-2008 - 10:44 | |
CVE-2008-1521 | 6.5 | ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html. | 11-10-2018 - 20:35 | 26-03-2008 - 10:44 | |
CVE-2008-1522 | 7.5 | ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it | 11-10-2018 - 20:35 | 26-03-2008 - 10:44 | |
CVE-2008-1265 | 7.8 | The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1254 | 6.8 | Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1256 | 10.0 | The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1252 | 10.0 | b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1245 | 7.8 | cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1262 | 10.0 | The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base statio | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1269 | 7.1 | cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1258 | 4.3 | Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1247 | 10.0 | The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.t | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1244 | 10.0 | cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1255 | 10.0 | The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1257 | 4.3 | Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1260 | 4.3 | Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface paramet | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1263 | 4.0 | The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1334 | 7.5 | cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encod | 11-10-2018 - 20:31 | 13-03-2008 - 18:44 | |
CVE-2008-1259 | 9.3 | The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated wit | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1249 | 9.4 | snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1268 | 10.0 | The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1251 | 4.3 | Cross-site scripting (XSS) vulnerability in the web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1242 | 10.0 | The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticat | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1261 | 5.0 | The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1250 | 9.3 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry con | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1248 | 5.8 | The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1264 | 7.5 | The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1267 | 7.8 | The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field. | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1253 | 4.3 | Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |
CVE-2008-1243 | 4.3 | Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default | 11-10-2018 - 20:31 | 10-03-2008 - 17:44 | |