Improper input validation in Zyxel P-660h-61
CVE-2013-3588
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.007 (72.7th percentile) — read the EPSS interpretation.
Affected products
- Zyxel P-660h-61
- Zyxel P-660h-63
- Zyxel P-660h-67
- Zyxel P-660h-d1
- Zyxel P-660h-d3
- Zyxel P-660h-t1 — versions v2
- Zyxel P-660h-t3 — versions v2
- Zyxel P-660hw — versions _t1
- Zyxel P-660hw_d1 — versions v2
- Zyxel P-660hw_d3
Weakness classification (CWE)
Public proof-of-concept exploits
References
- VU#893726 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
Frequently asked questions
- What is CVE-2013-3588?
- CVE-2013-3588 is a vulnerability in Zyxel P-660h-61, classified under Improper Input Validation. Published 2014-04-02.
- Is CVE-2013-3588 known to be exploited?
- 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.