製品・ソフトウェアに関する情報

JVN脆弱性詳細

ZyXEL Prestige ルータにおけるパスワードを破られる脆弱性

Title	ZyXEL Prestige ルータにおけるパスワードを破られる脆弱性
Summary	P-660、P-661、および P-662 を含む ZyXEL Prestige ルータは、HD5 パスワードハッシュを計算する際、salt を使用しないため、パスワードを破られる脆弱性が存在します。
Possible impacts	攻撃者により、パスワードを破られる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 26, 2008, midnight
Registration Date	Dec. 20, 2012, 6:52 p.m.
Last Update	Dec. 20, 2012, 6:52 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected System

ZyXEL

prestige 660 firmware 3.40(PE9) および 3.40(AGD.2) から 3.40(AHQ.3)

prestige 661 firmware 3.40(PE9) および 3.40(AGD.2) から 3.40(AHQ.3)

ZyNOS

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-1526	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1526
National Vulnerability Database (NVD)
2	CVE-2008-1526	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1526

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	Name	URL
ZyXEL
1	Top Page	http://www.zyxel.com/

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-1526

Summary	ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.
Summary	Los routers ZyXEL Prestige, incluyendo los modelos P-660, P-661 y P-662 con firmware 3.40(PE9) y 3.40(AGD.2) hasta la 3.40(AHQ.3), no utilizan salt cuando se calcula el hash de una contraseña MD5, lo cual facilita a los atacantes craquear contraseñas.
Publication Date	March 26, 2008, 7:44 p.m.
Registration Date	Jan. 29, 2021, 1:34 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:zyxel:p-663hn-51_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-663hn-51_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660h-61_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660h-61_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660h-63_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660h-63_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660h-67_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660h-67_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660h-d1_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660h-d1_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660h-d3_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660h-d3_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660hn-51_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660hn-51_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660h-t1_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660h-t1_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660hw_d1_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660hw_d1_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660hw_d3_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660hw_d3_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-660hw_t3_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-660hw_t3_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-661hnu-f1_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-661hnu-f1_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-661h_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-661h_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-661hw-d1_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-661hw-d1_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-661hnu-f3_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-661hnu-f3_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-662hw-d3_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-662hw-d3_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-662hw-d_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-662hw-d_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-662hw-d1_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-662hw-d1_firmware:3.40\(pe9\):::::::*
cpe:2.3:o:zyxel:p-662h-61_firmware::::::::	3.40\(agd.2\)	3.40\(ahq.3\)
cpe:2.3:o:zyxel:p-662h-61_firmware:3.40\(pe9\):::::::*

Configuration2		or higher	or less	more than	less than

Related information, measures and tools

No	URL	refsource
1	http://www.gnucitizen.org/projects/router-hacking-challenge/	cve@mitre.org
2	http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf	cve@mitre.org
3	http://www.securityfocus.com/archive/1/489009/100/0/threaded	cve@mitre.org
4	http://www.gnucitizen.org/projects/router-hacking-challenge/	af854a3a-2127-422b-91ae-364da2661108
5	http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf	af854a3a-2127-422b-91ae-364da2661108
6	http://www.securityfocus.com/archive/1/489009/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-916	強度が不十分なパスワードハッシュの使用	https://cwe.mitre.org/data/definitions/916.html