Sign-up

ID

VAR-201512-0082


CVE

CVE-2015-6016


TITLE

ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#870744

DESCRIPTION

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 are products of ZyXEL Technology. Both NBG-418N and P-660HW-T1 are wireless broadband routers; PMG5318-B20A is a wireless switch product. There are security vulnerabilities in several ZyXEL routers. A remote attacker could exploit this vulnerability to modify the system configuration. An insecure default-password vulnerability 2. Multiple cross-site scripting vulnerabilities 3. A command-execution vulnerability 4. A security-bypass vulnerability 5. An authorization-bypass Successful exploits allow attacker-supplied HTML and script code to run in the context of the affected browser potentially allowing attackers to steal cookie-based authentication credentials, execute arbitrary commands, to gain unauthorized access and bypass security restrictions and perform unauthorized actions. There is a security vulnerability in ZyXEL P-660HW-T1 2 devices using ZyNOS 3.40(AXH.0) firmware, PMG5318-B20A devices and NBG-418N devices using 1.00AANC0b5 firmware. The vulnerability is caused by using '1234' as admin account password

Trust: 3.24

sources: NVD: CVE-2015-6016 // CERT/CC: VU#870744 // JVNDB: JVNDB-2015-006593 // CNVD: CNVD-2015-06900 // BID: 77077 // VULHUB: VHN-83977

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06900

AFFECTED PRODUCTS

vendor:zyxelmodel:pmg5318-b20ascope:eqversion:v100aanc0b5

Trust: 1.6

vendor:zyxelmodel:nbg-418nscope:eqversion: -

Trust: 1.6

vendor:zyxelmodel:nbg-418nscope: - version: -

Trust: 1.4

vendor:zyxelmodel:zynosscope:eqversion:3.40\(axh.0\)

Trust: 1.0

vendor:zyxelmodel: - scope: - version: -

Trust: 0.8

vendor:zyxelmodel:p-660hw-t1 v2scope: - version: -

Trust: 0.8

vendor:zyxelmodel:pmg5318-b20ascope:eqversion:1.00aanc0b5

Trust: 0.8

vendor:zyxelmodel:zynosscope:eqversion:3.40(axh.0) (2007 year 3 moon 30 day ) (p660hw-t1 v2)

Trust: 0.8

vendor:zyxelmodel:p-660hw-t1scope: - version: -

Trust: 0.6

vendor:zyxelmodel:pmg5318-b20ascope: - version: -

Trust: 0.6

vendor:zyxelmodel:p-660hw-t1 2scope: - version: -

Trust: 0.6

vendor:zyxelmodel:pmg5318-b20a v100aanc0b5scope: - version: -

Trust: 0.3

vendor:zyxelmodel:p-660hw-t1 3.40scope:eqversion:v2

Trust: 0.3

vendor:zyxelmodel:nbg-418nscope:eqversion:0

Trust: 0.3

vendor:zyxelmodel:pmg5318-b20a 1.00 c0scope:neversion: -

Trust: 0.3

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06900 // BID: 77077 // JVNDB: JVNDB-2015-006593 // CNNVD: CNNVD-201510-349 // NVD: CVE-2015-6016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6016
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-6016
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-06900
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201510-349
value: CRITICAL

Trust: 0.6

VULHUB: VHN-83977
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6016
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06900
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-83977
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6016
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2015-06900 // VULHUB: VHN-83977 // JVNDB: JVNDB-2015-006593 // CNNVD: CNNVD-201510-349 // NVD: CVE-2015-6016

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-83977 // JVNDB: JVNDB-2015-006593 // NVD: CVE-2015-6016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-349

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201510-349

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006593

PATCH
title:NBG-418Nurl:http://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01393&md=NBG-418N
Trust: 0.8
title:PMG5318-B20Aurl:http://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01700&md=PMG5318-B20A
Trust: 0.8
title:P-660HW-T1 v2url:http://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=MD06084&md=P-660HW-T1%20v2
Trust: 0.8
title:ZyXEL Support Center - Latest Releaseurl:http://www.zyxel.com/support/support_landing.shtml
Trust: 0.8
title:DefaultPasswordurl:https://default-password.info/zyxel/
Trust: 0.8
title:Patches for multiple ZyXEL router credential management vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/65620
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-06900 // 
            
            
            
            JVNDB: JVNDB-2015-006593

EXTERNAL IDS
db:CERT/CCid:VU#870744
Trust: 4.2
db:NVDid:CVE-2015-6016
Trust: 3.4
db:SECTRACKid:1034553
Trust: 1.1
db:SECTRACKid:1034552
Trust: 1.1
db:SECTRACKid:1034554
Trust: 1.1
db:JVNid:JVNVU97093739
Trust: 0.8
db:JVNDBid:JVNDB-2015-006593
Trust: 0.8
db:CNNVDid:CNNVD-201510-349
Trust: 0.7
db:CNVDid:CNVD-2015-06900
Trust: 0.6
db:BIDid:77077
Trust: 0.3
db:VULHUBid:VHN-83977
Trust: 0.1
sources:
            
            
            CERT/CC: VU#870744 // 
            
            
            
            CNVD: CNVD-2015-06900 // 
            
            
            
            VULHUB: VHN-83977 // 
            
            
            
            BID: 77077 // 
            
            
            
            JVNDB: JVNDB-2015-006593 // 
            
            
            
            CNNVD: CNNVD-201510-349 // 
            
            
            
            NVD: CVE-2015-6016

REFERENCES
url:https://www.kb.cert.org/vuls/id/870744
Trust: 3.4
url:https://www.kb.cert.org/vuls/id/bluu-9zqu2r
Trust: 1.9
url:http://www.zyxel.com/support/support_landing.shtml
Trust: 1.5
url:http://www.securitytracker.com/id/1034552
Trust: 1.1
url:http://www.securitytracker.com/id/1034553
Trust: 1.1
url:http://www.securitytracker.com/id/1034554
Trust: 1.1
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6016
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97093739/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6016
Trust: 0.8
url:http://www.zyxel.com/th/th/
Trust: 0.3
sources:
            
            
            CERT/CC: VU#870744 // 
            
            
            
            CNVD: CNVD-2015-06900 // 
            
            
            
            VULHUB: VHN-83977 // 
            
            
            
            BID: 77077 // 
            
            
            
            JVNDB: JVNDB-2015-006593 // 
            
            
            
            CNNVD: CNNVD-201510-349 // 
            
            
            
            NVD: CVE-2015-6016

CREDITS
Joel Land and Karn Ganeshen
Trust: 0.3
sources:
            
            
            BID: 77077

SOURCES
db:CERT/CCid:VU#870744
db:CNVDid:CNVD-2015-06900
db:VULHUBid:VHN-83977
db:BIDid:77077
db:JVNDBid:JVNDB-2015-006593
db:CNNVDid:CNNVD-201510-349
db:NVDid:CVE-2015-6016

LAST UPDATE DATE
2024-11-23T22:31:02.132000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#870744date:2015-10-29T00:00:00
db:CNVDid:CNVD-2015-06900date:2015-10-28T00:00:00
db:VULHUBid:VHN-83977date:2016-12-07T00:00:00
db:BIDid:77077date:2015-10-13T00:00:00
db:JVNDBid:JVNDB-2015-006593date:2016-01-05T00:00:00
db:CNNVDid:CNNVD-201510-349date:2016-01-04T00:00:00
db:NVDid:CVE-2015-6016date:2024-11-21T02:34:18.167

SOURCES RELEASE DATE
db:CERT/CCid:VU#870744date:2015-10-13T00:00:00
db:CNVDid:CNVD-2015-06900date:2015-10-28T00:00:00
db:VULHUBid:VHN-83977date:2015-12-31T00:00:00
db:BIDid:77077date:2015-10-13T00:00:00
db:JVNDBid:JVNDB-2015-006593date:2016-01-05T00:00:00
db:CNNVDid:CNNVD-201510-349date:2015-10-21T00:00:00
db:NVDid:CVE-2015-6016date:2015-12-31T05:59:14.833