Details of VAR-201512-0083

ID

VAR-201512-0083

CVE

CVE-2015-6017

TITLE

ZyXEL P-660HW-T1 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-06885 // CNNVD: CNNVD-201510-348

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. ZyXEL P-660HW-T1 v2 Device firmware ZyNOS of Forms/rpAuth_1 Contains a cross-site scripting vulnerability. In addition, JVNVU#97093739 Then CWE-80 It is published as CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) http://cwe.mitre.org/data/definitions/80.htmlBy a third party (1) LoginPassword Or (2) hiddenPassword Any via parameter Web Script or HTML May be inserted. The Zyxel P-660HW-T1 is a wireless router product from ZyXEL Technology. Multiple ZyXEL Routers are prone to following security vulnerabilities: 1. An insecure default-password vulnerability 2. A command-execution vulnerability 4. A security-bypass vulnerability 5. An authorization-bypass Successful exploits allow attacker-supplied HTML and script code to run in the context of the affected browser potentially allowing attackers to steal cookie-based authentication credentials, execute arbitrary commands, to gain unauthorized access and bypass security restrictions and perform unauthorized actions

Trust: 3.24

sources: NVD: CVE-2015-6017 // CERT/CC: VU#870744 // JVNDB: JVNDB-2015-006594 // CNVD: CNVD-2015-06885 // BID: 77077 // VULHUB: VHN-83978

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-06885

AFFECTED PRODUCTS

vendor:	zyxel	model:	p-660hw-t1 v2	scope:	eq	version:	3.40\(axh.0\)	Trust: 1.6
vendor:	zyxel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	p-660hw-t1 v2	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	zynos	scope:	eq	version:	3.40 (axh.0) (2007 year 3 moon 30 day )	Trust: 0.8
vendor:	zyxel	model:	p-660hw-t1	scope:	-	version:	-	Trust: 0.6
vendor:	zyxel	model:	pmg5318-b20a v100aanc0b5	scope:	-	version:	-	Trust: 0.3
vendor:	zyxel	model:	p-660hw-t1 3.40	scope:	eq	version:	v2	Trust: 0.3
vendor:	zyxel	model:	nbg-418n	scope:	eq	version:	0	Trust: 0.3
vendor:	zyxel	model:	pmg5318-b20a 1.00 c0	scope:	ne	version:	-	Trust: 0.3

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06885 // BID: 77077 // JVNDB: JVNDB-2015-006594 // CNNVD: CNNVD-201510-348 // NVD: CVE-2015-6017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6017
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6017
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-06885
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201510-348
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83978
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6017
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-06885
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-83978
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6017
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2015-06885 // VULHUB: VHN-83978 // JVNDB: JVNDB-2015-006594 // CNNVD: CNNVD-201510-348 // NVD: CVE-2015-6017

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.9
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-83978 // JVNDB: JVNDB-2015-006594 // NVD: CVE-2015-6017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-348

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201510-348

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006594

PATCH

title:	P-660HW-T1 v2	url:	http://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=MD06084&md=P-660HW-T1%20v2	Trust: 0.8
title:	ZyXEL Support Center - Latest Release	url:	http://www.zyxel.com/support/support_landing.shtml	Trust: 0.8
title:	Patch for ZyXEL P-660HW-T1 Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/65621	Trust: 0.6

sources: CNVD: CNVD-2015-06885 // JVNDB: JVNDB-2015-006594

EXTERNAL IDS

db:	CERT/CC	id:	VU#870744	Trust: 4.2
db:	NVD	id:	CVE-2015-6017	Trust: 3.4
db:	SECTRACK	id:	1034552	Trust: 1.1
db:	JVN	id:	JVNVU97093739	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006594	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-348	Trust: 0.7
db:	CNVD	id:	CNVD-2015-06885	Trust: 0.6
db:	BID	id:	77077	Trust: 0.3
db:	VULHUB	id:	VHN-83978	Trust: 0.1

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06885 // VULHUB: VHN-83978 // BID: 77077 // JVNDB: JVNDB-2015-006594 // CNNVD: CNNVD-201510-348 // NVD: CVE-2015-6017

REFERENCES

url:	https://www.kb.cert.org/vuls/id/870744	Trust: 3.4
url:	https://www.kb.cert.org/vuls/id/bluu-9zqu2r	Trust: 1.9
url:	http://www.zyxel.com/support/support_landing.shtml	Trust: 1.5
url:	http://www.securitytracker.com/id/1034552	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6017	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97093739/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6017	Trust: 0.8
url:	http://www.zyxel.com/th/th/	Trust: 0.3

sources: CERT/CC: VU#870744 // CNVD: CNVD-2015-06885 // VULHUB: VHN-83978 // BID: 77077 // JVNDB: JVNDB-2015-006594 // CNNVD: CNNVD-201510-348 // NVD: CVE-2015-6017

CREDITS

Joel Land and Karn Ganeshen

Trust: 0.3

sources: BID: 77077

SOURCES

db:	CERT/CC	id:	VU#870744
db:	CNVD	id:	CNVD-2015-06885
db:	VULHUB	id:	VHN-83978
db:	BID	id:	77077
db:	JVNDB	id:	JVNDB-2015-006594
db:	CNNVD	id:	CNNVD-201510-348
db:	NVD	id:	CVE-2015-6017

LAST UPDATE DATE

2024-11-23T22:31:02.334000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#870744	date:	2015-10-29T00:00:00
db:	CNVD	id:	CNVD-2015-06885	date:	2015-10-28T00:00:00
db:	VULHUB	id:	VHN-83978	date:	2016-12-07T00:00:00
db:	BID	id:	77077	date:	2015-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006594	date:	2016-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201510-348	date:	2016-01-04T00:00:00
db:	NVD	id:	CVE-2015-6017	date:	2024-11-21T02:34:18.300

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#870744	date:	2015-10-13T00:00:00
db:	CNVD	id:	CNVD-2015-06885	date:	2015-10-27T00:00:00
db:	VULHUB	id:	VHN-83978	date:	2015-12-31T00:00:00
db:	BID	id:	77077	date:	2015-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006594	date:	2016-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201510-348	date:	2015-10-21T00:00:00
db:	NVD	id:	CVE-2015-6017	date:	2015-12-31T05:59:15.880