Medium severity6.1NVD Advisory· Published Dec 31, 2015· Updated Jun 17, 2026

CVE-2015-6017

Description

Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Zyxel/P 660hw T1 V2 Firmware
cpe:2.3:o:zyxel:p-660hw-t1_v2_firmware:3.40\(axh.0\):*:*:*:*:*:*:*
Zyxel/P 660hwllm-fuzzy
Range: =3.40(AXH.0)

Patches

Vulnerability mechanics

References

www.kb.cert.org/vuls/id/870744nvdThird Party AdvisoryUS Government Resource
www.kb.cert.org/vuls/id/BLUU-9ZQU2RnvdThird Party AdvisoryUS Government Resource
www.securitytracker.com/id/1034552nvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000