Unauthenticated Access to Admin Password and Modem Interface on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) Devices

Unauthenticated Access to Admin Password and Modem Interface on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) Devices

CVE-2019-6725 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.

Learn more about our User Device Pen Test.