CVE-2008-1257

Description

Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.

Affected products

• Zyxel / p-660hw_t1 – _t1
• Zyxel / p-660hw_t1 – _t1
• Zyxel / p-660hw_d1
• Zyxel / p-660hw_d1v2 – v2
• Zyxel / p-660hw_d3
• Zyxel / p-660hw_t3
• Zyxel / p-660hw_t3v2 – v2

References

• MISChttp://www.securityfocus.com/archive/1/489009/100/0/threaded
• MISChttp://www.gnucitizen.org/projects/router-hacking-challenge/
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/41109