ZyXEL Prestige P-660, P-661, P-662 firmware 3.40(PE9), 3.40(AGD.2) through 3.40(AHQ.3)
Summary
This vulnerability affects widely used consumer and small business ZyXEL Prestige routers. The device does not use a cryptographic salt when generating MD5 password hashes for user credentials. This makes it significantly easier for attackers to crack stolen hashes via brute-force or rainbow table attacks and gain administrative access.
Remediation
Upgrade to the latest supported firmware from ZyXEL that implements secure salted password hashing. If no updated firmware is available, enforce the use of long, complex, unique passwords to increase the difficulty of successful hash cracking. Restrict administrative router access to trusted local networks only.
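The difference between the unsalted MD5 scheme described in the summary and the salted hashing named in the remediation, shown as an added example that is not ZyXEL firmware code. The function names, the sample passwords and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def unsalted_md5(password: str) -> str:
    """The weak scheme the advisory describes: MD5 of the password, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted, iterated hash: a fresh random salt for every credential."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)


def shared_hashes(store: dict[str, str]) -> dict[str, list[str]]:
    """Group accounts whose stored hash is identical, a sign that no salt is used."""
    groups: dict[str, list[str]] = {}
    for user, stored in store.items():
        groups.setdefault(stored, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}


# Constructed sample credentials, not taken from any device.
SAMPLE = {"admin": "Tr0ub4dor&3", "user": "Tr0ub4dor&3", "guest": "visitor-2024"}

if __name__ == "__main__":
    # Without a salt, equal passwords give equal hashes on every account and device,
    # which is what makes precomputed tables effective.
    md5_store = {u: unsalted_md5(p) for u, p in SAMPLE.items()}
    print("unsalted duplicates:", list(shared_hashes(md5_store).values()))
    # With a per-credential salt, the same password never repeats in the store.
    salted_store = {u: salted_hash(p)[1].hex() for u, p in SAMPLE.items()}
    print("salted duplicates:  ", list(shared_hashes(salted_store).values()))
```

The `shared_hashes` check can also be run over an exported credential store during an audit: any group it returns means the hashes were produced without a per-credential salt.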