CVE-2015-6016 - ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00A

CVE-2015-6016

Summary

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.

References

Vulnerable Configurations

cpe:2.3:h:zyxel:nbg-418n:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nbg-418n:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:p-660hw-t1_2:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:p-660hw-t1_2:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zynos_firmware:3.40\(axh.0\):*:*:*:*:*:*:*
cpe:2.3:o:zyxel:zynos_firmware:3.40\(axh.0\):*:*:*:*:*:*:*
cpe:2.3:o:zyxel:pmg5318-b20a_firmware:v100aanc0b5:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:pmg5318-b20a_firmware:v100aanc0b5:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 07-12-2016 - 18:17)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS16-079
bulletin_url
date	2016-06-14T00:00:00
impact	Elevation of Privilege
knowledgebase_id	3160339
knowledgebase_url
severity	Important
title	Security Update for Microsoft Exchange Server

refmap via4

cert-vn	VU#870744
confirm	https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R
sectrack	1034552 1034553 1034554

Last major update

07-12-2016 - 18:17

Published

31-12-2015 - 05:59

Last modified

07-12-2016 - 18:17