Vulnerabilites related to zyxel - usg1900
cve-2020-25014
Vulnerability from cvelistv5
Published
2020-11-27 17:18
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://businessforum.zyxel.com/categories/security-news-and-release | x_refsource_MISC | |
| https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://businessforum.zyxel.com/categories/security-news-and-release"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-27T17:18:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://businessforum.zyxel.com/categories/security-news-and-release"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://businessforum.zyxel.com/categories/security-news-and-release",
"refsource": "MISC",
"url": "https://businessforum.zyxel.com/categories/security-news-and-release"
},
{
"name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25014",
"datePublished": "2020-11-27T17:18:30",
"dateReserved": "2020-08-28T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9955
Vulnerability from cvelistv5
Published
2019-04-22 19:38
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Apr/22 | mailing-list, x_refsource_FULLDISC | |
| https://www.exploit-db.com/exploits/46706/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page"
},
{
"name": "20190416 CVE-2019-9955 Refelected XSS on Zyxel Login page",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/22"
},
{
"name": "46706",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46706/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized \u0027mp_idx\u0027 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-22T19:38:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page"
},
{
"name": "20190416 CVE-2019-9955 Refelected XSS on Zyxel Login page",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/22"
},
{
"name": "46706",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46706/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized \u0027mp_idx\u0027 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page"
},
{
"name": "20190416 CVE-2019-9955 Refelected XSS on Zyxel Login page",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Apr/22"
},
{
"name": "46706",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46706/"
},
{
"name": "http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html"
},
{
"name": "https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9955",
"datePublished": "2019-04-22T19:38:59",
"dateReserved": "2019-03-23T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29583
Vulnerability from cvelistv5
Published
2020-12-22 00:00
Modified
2025-02-10 22:16
Severity ?
EPSS score ?
Summary
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/support/security_advisories.shtml"
},
{
"tags": [
"x_transferred"
],
"url": "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15"
},
{
"tags": [
"x_transferred"
],
"url": "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/support/CVE-2020-29583.shtml"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-29583",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T22:11:59.767015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-29583"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T22:16:05.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-28T00:43:07.540Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.zyxel.com/support/security_advisories.shtml"
},
{
"url": "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf"
},
{
"url": "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15"
},
{
"url": "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release"
},
{
"url": "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html"
},
{
"url": "https://www.zyxel.com/support/CVE-2020-29583.shtml"
},
{
"url": "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29583",
"datePublished": "2020-12-22T00:00:00.000Z",
"dateReserved": "2020-12-06T00:00:00.000Z",
"dateUpdated": "2025-02-10T22:16:05.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12583
Vulnerability from cvelistv5
Published
2019-06-27 14:01
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml | x_refsource_CONFIRM | |
| https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:39.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Access Control in the \"Free Time\" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T14:01:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Access Control in the \"Free Time\" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"name": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/",
"refsource": "MISC",
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12583",
"datePublished": "2019-06-27T14:01:02",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:39.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12581
Vulnerability from cvelistv5
Published
2019-06-27 14:10
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zyxel.com/us/en/ | x_refsource_MISC | |
| https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml | x_refsource_CONFIRM | |
| https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-in-zxel-zywall/index.html | x_refsource_MISC | |
| https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:39.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zyxel.com/us/en/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-in-zxel-zywall/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T14:10:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zyxel.com/us/en/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-in-zxel-zywall/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/us/en/",
"refsource": "MISC",
"url": "https://www.zyxel.com/us/en/"
},
{
"name": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"name": "https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-in-zxel-zywall/index.html",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-in-zxel-zywall/index.html"
},
{
"name": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/",
"refsource": "MISC",
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12581",
"datePublished": "2019-06-27T14:10:08",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:39.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-9054
Vulnerability from cvelistv5
Published
2020-03-04 19:30
Modified
2025-02-07 13:09
Severity ?
EPSS score ?
Summary
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwe.mitre.org/data/definitions/78.html | x_refsource_MISC | |
| https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml | x_refsource_CONFIRM | |
| https://kb.cert.org/vuls/id/498544/ | third-party-advisory, x_refsource_CERT-VN | |
| https://kb.cert.org/artifacts/cve-2020-9054.html | x_refsource_MISC | |
| https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ZyXEL | NAS326 |
Version: V5.21(AAZF.7)C0 < |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml"
},
{
"name": "VU#498544",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/498544/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cert.org/artifacts/cve-2020-9054.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-9054",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:09:21.970154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9054"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T13:09:37.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NAS326",
"vendor": "ZyXEL",
"versions": [
{
"lessThanOrEqual": "V5.21(AAZF.7)C0",
"status": "affected",
"version": "V5.21(AAZF.7)C0",
"versionType": "custom"
}
]
},
{
"product": "NAS520",
"vendor": "ZyXEL",
"versions": [
{
"lessThanOrEqual": "V5.21(AASZ.3)C0",
"status": "affected",
"version": "V5.21(AASZ.3)C0",
"versionType": "custom"
}
]
},
{
"product": "NAS540",
"vendor": "ZyXEL",
"versions": [
{
"lessThanOrEqual": "V5.21(AATB.4)C0",
"status": "affected",
"version": "V5.21(AATB.4)C0",
"versionType": "custom"
}
]
},
{
"product": "NAS542",
"vendor": "ZyXEL",
"versions": [
{
"lessThanOrEqual": "V5.21(ABAG.4)C0",
"status": "affected",
"version": "V5.21(ABAG.4)C0",
"versionType": "custom"
}
]
},
{
"product": "NSA210",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "NSA220",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "NSA220+",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "NSA221",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "NSA310",
"vendor": "ZyXEL",
"versions": [
{
"lessThanOrEqual": "V4.75(AALH.2)C0",
"status": "affected",
"version": "V4.75(AALH.2)C0",
"versionType": "custom"
}
]
},
{
"product": "NSA320",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "NSA320S",
"vendor": "ZyXEL",
"versions": [
{
"lessThanOrEqual": "V4.75(AANV.2)C0",
"status": "affected",
"version": "V4.75(AANV.2)C0",
"versionType": "custom"
}
]
},
{
"product": "NSA325",
"vendor": "ZyXEL",
"versions": [
{
"lessThanOrEqual": "V4.81(AAAJ.1)C0",
"status": "affected",
"version": "V4.81(AAAJ.1)C0",
"versionType": "custom"
}
]
},
{
"product": "NSA325v2",
"vendor": "ZyXEL",
"versions": [
{
"lessThanOrEqual": "V4.81(AALS.1)C0",
"status": "affected",
"version": "V4.81(AALS.1)C0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Alex Holden of Hold Security for finding and reporting this vulnerability."
}
],
"datePublic": "2020-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2"
}
],
"exploits": [
{
"lang": "en",
"value": "https://kb.cert.org/artifacts/cve-2020-9054.html"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-04T19:30:18.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml"
},
{
"name": "VU#498544",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/498544/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cert.org/artifacts/cve-2020-9054.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/"
}
],
"solutions": [
{
"lang": "en",
"value": "ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, NAS542, ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100 devices."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi",
"workarounds": [
{
"lang": "en",
"value": "Block access to the ZyXEL device web interface:\n\nThis issue can be mitigated by blocking (for example with a firewall) access to the web interface (80/tcp and 443/tcp) of any vulnerable ZyXEL device. Any machine that can access the ZyXEL web interface should not also be able to access the internet.\n\nRestrict access to vulnerable ZyXEL devices:\n\nDirect exploitation of this vulnerability can be mitigated by restricting access to vulnerable devices. In particular, do not expose such devices directly to the internet. Note however, that it is still possible for attackers to exploit devices that are not directly connected to the internet. For example, by way of viewing a web page."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2020-02-20T00:00:00.000Z",
"ID": "CVE-2020-9054",
"STATE": "PUBLIC",
"TITLE": "ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAS326",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V5.21(AAZF.7)C0",
"version_value": "V5.21(AAZF.7)C0"
}
]
}
},
{
"product_name": "NAS520",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V5.21(AASZ.3)C0",
"version_value": "V5.21(AASZ.3)C0"
}
]
}
},
{
"product_name": "NAS540",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V5.21(AATB.4)C0",
"version_value": "V5.21(AATB.4)C0"
}
]
}
},
{
"product_name": "NAS542",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V5.21(ABAG.4)C0",
"version_value": "V5.21(ABAG.4)C0"
}
]
}
},
{
"product_name": "NSA210",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "NSA220",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "NSA220+",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "NSA221",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "NSA310",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V4.75(AALH.2)C0",
"version_value": "V4.75(AALH.2)C0"
}
]
}
},
{
"product_name": "NSA320",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "NSA320S",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V4.75(AANV.2)C0",
"version_value": "V4.75(AANV.2)C0"
}
]
}
},
{
"product_name": "NSA325",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V4.81(AAAJ.1)C0",
"version_value": "V4.81(AAAJ.1)C0"
}
]
}
},
{
"product_name": "NSA325v2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V4.81(AALS.1)C0",
"version_value": "V4.81(AALS.1)C0"
}
]
}
}
]
},
"vendor_name": "ZyXEL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Alex Holden of Hold Security for finding and reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2"
}
]
},
"exploit": [
{
"lang": "en",
"value": "https://kb.cert.org/artifacts/cve-2020-9054.html"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/78.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"name": "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml"
},
{
"name": "VU#498544",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/498544/"
},
{
"name": "https://kb.cert.org/artifacts/cve-2020-9054.html",
"refsource": "MISC",
"url": "https://kb.cert.org/artifacts/cve-2020-9054.html"
},
{
"name": "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/",
"refsource": "MISC",
"url": "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/"
}
]
},
"solution": [
{
"lang": "en",
"value": "ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, NAS542, ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100 devices."
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Block access to the ZyXEL device web interface:\n\nThis issue can be mitigated by blocking (for example with a firewall) access to the web interface (80/tcp and 443/tcp) of any vulnerable ZyXEL device. Any machine that can access the ZyXEL web interface should not also be able to access the internet.\n\nRestrict access to vulnerable ZyXEL devices:\n\nDirect exploitation of this vulnerability can be mitigated by restricting access to vulnerable devices. In particular, do not expose such devices directly to the internet. Note however, that it is still possible for attackers to exploit devices that are not directly connected to the internet. For example, by way of viewing a web page."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-9054",
"datePublished": "2020-03-04T19:30:18.400Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2025-02-07T13:09:37.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-35029
Vulnerability from cvelistv5
Published
2021-07-02 10:29
Modified
2024-08-04 00:33
Severity ?
EPSS score ?
Summary
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zyxel | USG/Zywall series Firmware |
Version: 4.35 through 4.64 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:49.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "USG/Zywall series Firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.35 through 4.64"
}
]
},
{
"product": "USG FLEX series Firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.35 through 5.01"
}
]
},
{
"product": "ATP series Firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.35 through 5.01"
}
]
},
{
"product": "VPN series Firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "4.35 through 5.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-02T10:29:07",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2021-35029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG/Zywall series Firmware",
"version": {
"version_data": [
{
"version_value": "4.35 through 4.64"
}
]
}
},
{
"product_name": "USG FLEX series Firmware",
"version": {
"version_data": [
{
"version_value": "4.35 through 5.01"
}
]
}
},
{
"product_name": "ATP series Firmware",
"version": {
"version_data": [
{
"version_value": "4.35 through 5.01"
}
]
}
},
{
"product_name": "VPN series Firmware",
"version": {
"version_data": [
{
"version_value": "4.35 through 5.01"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml",
"refsource": "MISC",
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2021-35029",
"datePublished": "2021-07-02T10:29:07",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-08-04T00:33:49.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202012-0977
Vulnerability from variot
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. Zyxel USG A device contains a vulnerability in the plaintext storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0977",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usg60w",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg310",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "zywall110",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "atp800",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "atp100",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg flex 200",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg flex 100",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg210",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg20w-vpn",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg2200",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg110",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "vpn50",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg1100",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "atp700",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg60",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "atp500",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg flex 700",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg40w",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "atp200",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "vpn100",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg flex 500",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg40",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "atp100w",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "zywall1100",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "zywall310",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg flex 100w",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "vpn1000",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg1900",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg20-vpn",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "vpn300",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.60"
},
{
"model": "usg210",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg110",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg60",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg40w",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg310",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg40",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg20w-vpn",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg1100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg20-vpn",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg60w",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"db": "NVD",
"id": "CVE-2020-29583"
}
]
},
"cve": "CVE-2020-29583",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-29583",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-29583",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-29583",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-29583",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-29583",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1459",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-29583",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29583"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1459"
},
{
"db": "NVD",
"id": "CVE-2020-29583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. Zyxel USG A device contains a vulnerability in the plaintext storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29583"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"db": "VULMON",
"id": "CVE-2020-29583"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29583",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014757",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1459",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-29583",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29583"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1459"
},
{
"db": "NVD",
"id": "CVE-2020-29583"
}
]
},
"id": "VAR-202012-0977",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3888889
},
"last_update_date": "2024-11-23T22:25:13.966000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisories",
"trust": 0.8,
"url": "http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf"
},
{
"title": "Zyxel USG Series Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137990"
},
{
"title": "BruteX-master\nBruteX\nInstall script for BruteX\n\nVARS\nBruteX by @xer0dayz\nhttp://xerosecurity.com\n\nABOUT:\nBruteX is a simple bash script used to brute force all services on a target.\n\nINSTALL:\n./install.sh\n\nUSAGE:\nbrutex \u003cIP/hostname\u003e \n\nHYDRA SERVICES:\nasterisk cisco cisco-enable cvs ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql(v4) nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey teamspeak telnet[s] vmauthd vnc xmpp\nUN-COMMENT TO ENABLE PROXY",
"trust": 0.1,
"url": "https://github.com/MartinDojcinoski23/BruteX-master "
},
{
"title": "Scanner for Zyxel products which are vulnerable due to an undocumented user account (CVE-2020-29583)\nUsage",
"trust": 0.1,
"url": "https://github.com/2d4d/scan_CVE-2020-29583 "
},
{
"title": "Middleware-Vulnerability-detection\n\u514d\u8d23\u58f0\u660e\uff1a",
"trust": 0.1,
"url": "https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection "
},
{
"title": "Middleware-Vulnerability-detection\n\u514d\u8d23\u58f0\u660e\uff1a",
"trust": 0.1,
"url": "https://github.com/apachecn-archive/Middleware-Vulnerability-detection "
},
{
"title": "Awesome-POC",
"trust": 0.1,
"url": "https://github.com/ArrestX/--POC "
},
{
"title": "Normal-POC",
"trust": 0.1,
"url": "https://github.com/Miraitowa70/POC-Notes "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/Vulnerability "
},
{
"title": "Normal-POC",
"trust": 0.1,
"url": "https://github.com/Miraitowa70/Pentest-Notes "
},
{
"title": "Awesome-POC",
"trust": 0.1,
"url": "https://github.com/Threekiii/Awesome-POC "
},
{
"title": "Awesome-POC",
"trust": 0.1,
"url": "https://github.com/KayCHENvip/vulnerability-poc "
},
{
"title": "\u6b22\u8fce\u5173\u6ce8\u963f\u5c14\u6cd5\u5b9e\u9a8c\u5ba4\u5fae\u4fe1\u516c\u4f17\u53f7",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-daily-2020 "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/Ostorlab/KEV "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cybercriminals-exploits-zyxel-flaw/162789/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29583"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1459"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"db": "NVD",
"id": "CVE-2020-29583"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/security_advisories.shtml"
},
{
"trust": 1.7,
"url": "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15"
},
{
"trust": 1.7,
"url": "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release"
},
{
"trust": 1.7,
"url": "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html"
},
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/cve-2020-29583.shtml"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29583"
},
{
"trust": 1.1,
"url": "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/"
},
{
"trust": 1.1,
"url": "http://ftp.zyxel.com/usg40/firmware/usg40_4.60%28aala.1%29c0_2.pdf"
},
{
"trust": 0.6,
"url": "http://ftp.zyxel.com/usg40/firmware/usg40_4.60(aala.1)c0_2.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://github.com/martindojcinoski23/brutex-master"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29583"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1459"
},
{
"db": "NVD",
"id": "CVE-2020-29583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-29583"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1459"
},
{
"db": "NVD",
"id": "CVE-2020-29583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29583"
},
{
"date": "2021-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"date": "2020-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1459"
},
{
"date": "2020-12-22T22:15:14.443000",
"db": "NVD",
"id": "CVE-2020-29583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29583"
},
{
"date": "2021-08-30T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2020-014757"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1459"
},
{
"date": "2024-11-21T05:24:15.697000",
"db": "NVD",
"id": "CVE-2020-29583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1459"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel\u00a0USG\u00a0 Vulnerability in plaintext storage of important information on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014757"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1459"
}
],
"trust": 0.6
}
}
var-201906-0481
Vulnerability from variot
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. Zyxel UAG , USG , ZyWall Devices have vulnerabilities related to authorization, permissions, and access control.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. ZyXEL ZyWall 310, etc. are all products of China Taiwan ZyXEL (ZyXEL). ZyXEL ZyWall 310 is a 310 series VPN firewall appliance. ZyXEL ZyWall 110 is a 110 series VPN firewall appliance. ZyXEL USG1900 is a next-generation unified security gateway device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0481",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usg1900",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.33\\(aapl.0\\)c0"
},
{
"model": "zywall 1100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.33\\(aaac.0\\)c0"
},
{
"model": "zywall 110",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.33\\(aaaa.0\\)c0"
},
{
"model": "uag2100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.18\\(aaiz.1\\)c0"
},
{
"model": "zywall 310",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.33\\(aaab.0\\)c0"
},
{
"model": "usg310",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.33\\(aapj.0\\)c0"
},
{
"model": "uag4100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.18\\(aatd.1\\)c0"
},
{
"model": "uag5100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.18\\(aapn.1\\)c0"
},
{
"model": "zywall vpn100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "10.02\\(abfv.0\\)c0"
},
{
"model": "zywall vpn300",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "10.02\\(abfc.0\\)c0"
},
{
"model": "usg110",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.33\\(aaph.0\\)c0"
},
{
"model": "usg1100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.33\\(aapk.0\\)c0"
},
{
"model": "usg2200-vpn",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.33\\(abae.0\\)c0"
},
{
"model": "usg210",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.33\\(aapi.0\\)c0"
},
{
"model": "uag2100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "uag4100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "uag5100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg110",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg1100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg1900",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg210",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg2200-vpn",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg310",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "zywall vpn100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"db": "NVD",
"id": "CVE-2019-12583"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:uag2100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:uag4100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:uag5100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg1100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg1900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg2200-vpn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg310_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:zywall_vpn100_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
}
]
},
"cve": "CVE-2019-12583",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-12583",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-144344",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-12583",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-12583",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-12583",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-1052",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-144344",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-12583",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144344"
},
{
"db": "VULMON",
"id": "CVE-2019-12583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1052"
},
{
"db": "NVD",
"id": "CVE-2019-12583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Missing Access Control in the \"Free Time\" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. Zyxel UAG , USG , ZyWall Devices have vulnerabilities related to authorization, permissions, and access control.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. ZyXEL ZyWall 310, etc. are all products of China Taiwan ZyXEL (ZyXEL). ZyXEL ZyWall 310 is a 310 series VPN firewall appliance. ZyXEL ZyWall 110 is a 110 series VPN firewall appliance. ZyXEL USG1900 is a next-generation unified security gateway device",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"db": "VULHUB",
"id": "VHN-144344"
},
{
"db": "VULMON",
"id": "CVE-2019-12583"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12583",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005788",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1052",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-144344",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-12583",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144344"
},
{
"db": "VULMON",
"id": "CVE-2019-12583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1052"
},
{
"db": "NVD",
"id": "CVE-2019-12583"
}
]
},
"id": "VAR-201906-0481",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-144344"
}
],
"trust": 0.50806879
},
"last_update_date": "2024-11-23T23:08:23.866000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for vulnerabilities related to the Free Time feature",
"trust": 0.8,
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"title": "Multiple ZyXEL Product Privilege License and Access Control Issue Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112888"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1052"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-425",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144344"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"db": "NVD",
"id": "CVE-2019-12583"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-free-time-feature.shtml"
},
{
"trust": 1.8,
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12583"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12583"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144344"
},
{
"db": "VULMON",
"id": "CVE-2019-12583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1052"
},
{
"db": "NVD",
"id": "CVE-2019-12583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-144344"
},
{
"db": "VULMON",
"id": "CVE-2019-12583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1052"
},
{
"db": "NVD",
"id": "CVE-2019-12583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-144344"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12583"
},
{
"date": "2019-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"date": "2019-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1052"
},
{
"date": "2019-06-27T14:15:10.393000",
"db": "NVD",
"id": "CVE-2019-12583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-144344"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12583"
},
{
"date": "2019-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005788"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1052"
},
{
"date": "2024-11-21T04:23:08.263000",
"db": "NVD",
"id": "CVE-2019-12583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Zyxel Vulnerabilities related to authorization, authority, and access control in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005788"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1052"
}
],
"trust": 0.6
}
}
var-202003-1707
Vulnerability from variot
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2. plural ZyXEL Included in the product weblogin.cgi Is vulnerable to the execution of arbitrary commands. OS Command injection (CWE-78) - CVE-2020-9054 ZyXEL In multiple products offered by CGI Executable file weblogin.cgi Authentication is done using. About this vulnerability ZyXEL Made NAS Exploit codes for products are available on the Internet. Zyxel Technology is a provider of network broadband systems and solutions for internationally renowned brands. main
Products include DSL central office and terminal equipment, router equipment, network security equipment, wireless local area communication equipment,
It also provides full-range broadband network application integration solutions for Chinese enterprises, such as network telephones and Ethernet switches.
Multiple ZyXEL network-attached storage (NAS) devices have security holes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1707",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usg110",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aaph.3\\)c0"
},
{
"model": "vpn1000",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall1100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "nas542",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.21\\(abag.4\\)c0"
},
{
"model": "usg2200",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abae.3\\)c0"
},
{
"model": "atp100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "nas520",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.21\\(aasz.3\\)c0"
},
{
"model": "usg1100",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aapk.3\\)c0"
},
{
"model": "usg1100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg20w-vpn",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abar.3\\)c0"
},
{
"model": "zywall1100",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aaac.3\\)c0"
},
{
"model": "usg20w-vpn",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "vpn300",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abfc.3\\)c0"
},
{
"model": "atp800",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abiq.3\\)c0"
},
{
"model": "usg40",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "atp100",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abps.3\\)c0"
},
{
"model": "vpn50",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "atp500",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "vpn1000",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abip.3\\)c0"
},
{
"model": "nas540",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.21\\(aatb.4\\)c0"
},
{
"model": "vpn100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg20-vpn",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abaq.3\\)c0"
},
{
"model": "usg40w",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg1900",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg210",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aapi.3\\)c0"
},
{
"model": "zywall110",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aaaa.3\\)c0"
},
{
"model": "usg60",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall310",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aaab.3\\)c0"
},
{
"model": "vpn300",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "atp800",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall110",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg40w",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aalb.3\\)c0"
},
{
"model": "atp500",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abfu.3\\)c0"
},
{
"model": "nas326",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.21\\(aazf.7\\)c0"
},
{
"model": "usg310",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg20-vpn",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg210",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg60w",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aakz.3\\)c0"
},
{
"model": "usg2200",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg110",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg60w",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg1900",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aapl.3\\)c0"
},
{
"model": "usg60",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aaky.3\\)c0"
},
{
"model": "vpn100",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abfv.3\\)c0"
},
{
"model": "usg40",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aala.3\\)c0"
},
{
"model": "atp200",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "atp200",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abfw.3\\)c0"
},
{
"model": "usg310",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(aapj.3\\)c0"
},
{
"model": "vpn50",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35\\(abhl.3\\)c0"
},
{
"model": "zywall310",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "atp100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "atp200",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "atp500",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "atp800",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nas 326",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nas 520",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nas 540",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nas 542",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg20-vpn",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg20w-vpn",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nas326 \u003cv5.21 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nas520 \u003cv5.21 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nas540 \u003cv5.21 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nas542 \u003cv5.21 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa210",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa220",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa220+",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa221",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa310",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa310s",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa320",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa320s",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa325",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "nsa325v2",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#498544"
},
{
"db": "CNVD",
"id": "CNVD-2020-15993"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001758"
},
{
"db": "NVD",
"id": "CVE-2020-9054"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:atp100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:atp200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:atp500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:atp800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nas326_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nas520_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nas540_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nas542_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg20-vpn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg20w-vpn_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001758"
}
]
},
"cve": "CVE-2020-9054",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-9054",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 7.1,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-9054",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-001758",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-15993",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-9054",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-001758",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9054",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-9054",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2020-001758",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-15993",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1216",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-9054",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#498544"
},
{
"db": "CNVD",
"id": "CNVD-2020-15993"
},
{
"db": "VULMON",
"id": "CVE-2020-9054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001758"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1216"
},
{
"db": "NVD",
"id": "CVE-2020-9054"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2. plural ZyXEL Included in the product weblogin.cgi Is vulnerable to the execution of arbitrary commands. OS Command injection (CWE-78) - CVE-2020-9054 ZyXEL In multiple products offered by CGI Executable file weblogin.cgi Authentication is done using. About this vulnerability ZyXEL Made NAS Exploit codes for products are available on the Internet. Zyxel Technology is a provider of network broadband systems and solutions for internationally renowned brands. main\r\n\r\nProducts include DSL central office and terminal equipment, router equipment, network security equipment, wireless local area communication equipment,\r\n\r\nIt also provides full-range broadband network application integration solutions for Chinese enterprises, such as network telephones and Ethernet switches. \n\r\n\r\nMultiple ZyXEL network-attached storage (NAS) devices have security holes",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9054"
},
{
"db": "CERT/CC",
"id": "VU#498544"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001758"
},
{
"db": "CNVD",
"id": "CNVD-2020-15993"
},
{
"db": "VULMON",
"id": "CVE-2020-9054"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/498544",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#498544"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#498544",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2020-9054",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU97748968",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001758",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15993",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1216",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-9054",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#498544"
},
{
"db": "CNVD",
"id": "CNVD-2020-15993"
},
{
"db": "VULMON",
"id": "CVE-2020-9054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001758"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1216"
},
{
"db": "NVD",
"id": "CVE-2020-9054"
}
]
},
"id": "VAR-202003-1707",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15993"
}
],
"trust": 1.5236111124999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15993"
}
]
},
"last_update_date": "2024-11-23T22:33:33.193000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for the remote code execution vulnerability of NAS products",
"trust": 0.8,
"url": "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml"
},
{
"title": "Patch for Multiple ZyXEL Network Attached Storage (NAS) Device Pre-Verification Command Injection Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/207745"
},
{
"title": "Multiple ZyXEL Product operating system command injection vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=110815"
},
{
"title": "exploit",
"trust": 0.1,
"url": "https://github.com/Notionned101/exploit "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/Elsfa7-110/kenzer-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/ARPSyndicate/kenzer-templates "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/top-microsoft-adobe-exploits-list/166241/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/new-mirai-variant-mukashi-targets-zyxel-nas-devices/153982/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/flaws-zyxels-network-management-software/153554/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2020/02/26/zyxel_security_hole/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15993"
},
{
"db": "VULMON",
"id": "CVE-2020-9054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001758"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1216"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9054"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-nas-products.shtml"
},
{
"trust": 3.3,
"url": "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/"
},
{
"trust": 2.6,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/498544/"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/artifacts/cve-2020-9054.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9054"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9054"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu97748968"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/498544/"
},
{
"trust": 0.7,
"url": "https://www.kb.cert.org/vuls/id/498544"
},
{
"trust": 0.6,
"url": "https://securityaffairs.co/wordpress/98461/hacking/zyxel-critical-rce.html"
},
{
"trust": 0.1,
"url": "https://github.com/notionned101/exploit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#498544"
},
{
"db": "CNVD",
"id": "CNVD-2020-15993"
},
{
"db": "VULMON",
"id": "CVE-2020-9054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001758"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1216"
},
{
"db": "NVD",
"id": "CVE-2020-9054"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#498544"
},
{
"db": "CNVD",
"id": "CNVD-2020-15993"
},
{
"db": "VULMON",
"id": "CVE-2020-9054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001758"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1216"
},
{
"db": "NVD",
"id": "CVE-2020-9054"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "CERT/CC",
"id": "VU#498544"
},
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15993"
},
{
"date": "2020-03-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9054"
},
{
"date": "2020-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001758"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1216"
},
{
"date": "2020-03-04T20:15:10.750000",
"db": "NVD",
"id": "CVE-2020-9054"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CERT/CC",
"id": "VU#498544"
},
{
"date": "2020-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15993"
},
{
"date": "2020-03-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9054"
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001758"
},
{
"date": "2023-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1216"
},
{
"date": "2024-11-21T05:39:54.583000",
"db": "NVD",
"id": "CVE-2020-9054"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1216"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZyXEL pre-authentication command injection in weblogin.cgi",
"sources": [
{
"db": "CERT/CC",
"id": "VU#498544"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1216"
}
],
"trust": 0.6
}
}
var-202107-0888
Vulnerability from variot
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. plural Zyxel There is an authentication vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0888",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usg310",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg310",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg flex 100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg flex 200",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg flex 700",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "zywall atp100w",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "zywall atp100w",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg flex 100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg flex 700",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg60w",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "zywall atp100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall vpn300",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg20w-vpn",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg2200-vpn",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "zywall 110",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg60w",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall atp100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg2200-vpn",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg300",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg flex 200",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg110",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg40",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg40w",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "zywall vpn50",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "zywall atp200",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall 1100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg300",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg1000",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall vpn300",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall 110",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg110",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg1100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg1000",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg40w",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg40",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall atp200",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg1100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "zywall atp700",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "zywall atp800",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall atp800",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "zywall vpn50",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall 1100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg200",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg200",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "zywall atp700",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg60",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg1900",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg60",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg20w",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "zywall atp500",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg20-vpn",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg flex 500",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall atp500",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg20-vpn",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg1900",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg210",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg20w",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg20",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg50",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg flex 500",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg210",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg50",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "zywall vpn100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg flex 100w",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall vpn100",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "zywall 310",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg flex 100w",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "zywall 310",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg2000",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg20",
"scope": "gte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.35"
},
{
"model": "usg20w-vpn",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "5.01"
},
{
"model": "usg2000",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.64"
},
{
"model": "usg210",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg1900",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg40",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg60",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg40w",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg110",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg300",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg310",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg60w",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg1100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"db": "NVD",
"id": "CVE-2021-35029"
}
]
},
"cve": "CVE-2021-35029",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-35029",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-35029",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-008898",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-35029",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security@zyxel.com.tw",
"id": "CVE-2021-35029",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-35029",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-147",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-35029",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35029"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-147"
},
{
"db": "NVD",
"id": "CVE-2021-35029"
},
{
"db": "NVD",
"id": "CVE-2021-35029"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. plural Zyxel There is an authentication vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35029"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"db": "VULMON",
"id": "CVE-2021-35029"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35029",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008898",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-147",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-35029",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35029"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-147"
},
{
"db": "NVD",
"id": "CVE-2021-35029"
}
]
},
"id": "VAR-202107-0888",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.38938492750000003
},
"last_update_date": "2024-08-14T15:38:00.341000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel\u00a0security\u00a0advisory\u00a0for\u00a0attacks\u00a0against\u00a0security\u00a0appliances",
"trust": 0.8,
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml"
},
{
"title": "ZyXEL ZyWALL USG Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155962"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-147"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"db": "NVD",
"id": "CVE-2021-35029"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/zyxel_security_advisory_for_attacks_against_security_appliances.shtml"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35029"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35029"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-147"
},
{
"db": "NVD",
"id": "CVE-2021-35029"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-35029"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-147"
},
{
"db": "NVD",
"id": "CVE-2021-35029"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35029"
},
{
"date": "2022-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"date": "2021-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-147"
},
{
"date": "2021-07-02T11:15:08.930000",
"db": "NVD",
"id": "CVE-2021-35029"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35029"
},
{
"date": "2022-03-31T04:46:00",
"db": "JVNDB",
"id": "JVNDB-2021-008898"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-147"
},
{
"date": "2021-07-08T18:20:48.127000",
"db": "NVD",
"id": "CVE-2021-35029"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-147"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Zyxel\u00a0 Firmware authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008898"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-147"
}
],
"trust": 0.6
}
}
var-201906-0479
Vulnerability from variot
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter. Zyxel ZyWall , USG , UAG The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZyXEL ZyWall 310, etc. are all products of China Taiwan ZyXEL (ZyXEL). ZyXEL ZyWall 310 is a 310 series VPN firewall appliance. ZyXEL ZyWall 110 is a 110 series VPN firewall appliance. ZyXEL USG1900 is a next-generation unified security gateway device. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0479",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usg210",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.30"
},
{
"model": "usg310",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.30"
},
{
"model": "usg1100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.30"
},
{
"model": "uag4100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.18\\(aatd.1\\)c0"
},
{
"model": "uag5100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.18\\(aapn.1\\)c0"
},
{
"model": "usg1900",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.30"
},
{
"model": "usg110",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.30"
},
{
"model": "usg2200-vpn",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.30"
},
{
"model": "uag2100",
"scope": "lte",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.18\\(aaiz.1\\)c0"
},
{
"model": "uag2100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "uag4100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "uag5100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg110",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg1100",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg1900",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg210",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg2200-vpn",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "usg310",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"db": "NVD",
"id": "CVE-2019-12581"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:uag2100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:uag4100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:uag5100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg1100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg1900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg2200-vpn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg310_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
}
]
},
"cve": "CVE-2019-12581",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-12581",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-144342",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-12581",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-12581",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-12581",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-1053",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-144342",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-12581",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144342"
},
{
"db": "VULMON",
"id": "CVE-2019-12581"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1053"
},
{
"db": "NVD",
"id": "CVE-2019-12581"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter. Zyxel ZyWall , USG , UAG The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZyXEL ZyWall 310, etc. are all products of China Taiwan ZyXEL (ZyXEL). ZyXEL ZyWall 310 is a 310 series VPN firewall appliance. ZyXEL ZyWall 110 is a 110 series VPN firewall appliance. ZyXEL USG1900 is a next-generation unified security gateway device. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12581"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"db": "VULHUB",
"id": "VHN-144342"
},
{
"db": "VULMON",
"id": "CVE-2019-12581"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12581",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005789",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1053",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-144342",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-12581",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144342"
},
{
"db": "VULMON",
"id": "CVE-2019-12581"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1053"
},
{
"db": "NVD",
"id": "CVE-2019-12581"
}
]
},
"id": "VAR-201906-0479",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-144342"
}
],
"trust": 0.50806879
},
"last_update_date": "2024-11-23T22:11:59.750000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.zyxel.com/us/en/"
},
{
"title": "Zyxel security advisory for vulnerabilities related to the Free Time feature",
"trust": 0.8,
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"title": "Multiple ZyXEL Fixes for product cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112889"
},
{
"title": "Kenzer Templates [5170] [DEPRECATED]",
"trust": 0.1,
"url": "https://github.com/ARPSyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-12581"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1053"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144342"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"db": "NVD",
"id": "CVE-2019-12581"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-in-zxel-zywall/index.html"
},
{
"trust": 1.8,
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-free-time-feature.shtml"
},
{
"trust": 1.8,
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
},
{
"trust": 1.8,
"url": "https://www.zyxel.com/us/en/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12581"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12581"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144342"
},
{
"db": "VULMON",
"id": "CVE-2019-12581"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1053"
},
{
"db": "NVD",
"id": "CVE-2019-12581"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-144342"
},
{
"db": "VULMON",
"id": "CVE-2019-12581"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1053"
},
{
"db": "NVD",
"id": "CVE-2019-12581"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-144342"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12581"
},
{
"date": "2019-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"date": "2019-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1053"
},
{
"date": "2019-06-27T15:15:09.170000",
"db": "NVD",
"id": "CVE-2019-12581"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-144342"
},
{
"date": "2019-06-28T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12581"
},
{
"date": "2019-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005789"
},
{
"date": "2020-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1053"
},
{
"date": "2024-11-21T04:23:08.050000",
"db": "NVD",
"id": "CVE-2019-12581"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Zyxel Product site cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005789"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1053"
}
],
"trust": 0.6
}
}
var-201904-0115
Vulnerability from variot
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. plural ZyXEL The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZyXELZyWall310 and other products are all products of ZyXEL Corporation of Taiwan, China. ZyXELZyWall310 is a 310 series VPN firewall device. ZyXELZyWall110 is a 110 series VPN firewall device. The ZyXELUSG1900 is a next-generation unified security gateway device. A cross-site scripting vulnerability exists in several Zyxel products that stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. ZyXEL ZyWall 310, etc. The following products are affected: Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, Zy0WALL
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "usg110",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg60w",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg60",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg40w",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg40",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg20w-vpn",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg20-vpn",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "atp800",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "atp500",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "atp200",
"scope": null,
"trust": 1.4,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg20w-vpn",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "zywall 310",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg110",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg1100",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "zywall 1100",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg2200-vpn",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "atp500",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg40w",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "atp200",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg40",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "vpn300",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "zywall 110",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg1900",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg20-vpn",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg60",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "vpn50",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "vpn100",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "atp800",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg60w",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg310",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "usg210",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "4.31"
},
{
"_id": null,
"model": "nbg-418n modem",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "v2"
},
{
"_id": null,
"model": "nas",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "326"
},
{
"_id": null,
"model": "usg1100",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg310",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg210",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "zywall",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "1100"
},
{
"_id": null,
"model": "zywall",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "310"
},
{
"_id": null,
"model": "zywall",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "110"
},
{
"_id": null,
"model": "usg2200-vpn",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"_id": null,
"model": "usg1900",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13778"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004359"
},
{
"db": "NVD",
"id": "CVE-2019-9955"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:atp200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:atp500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:atp800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg20-vpn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg20w-vpn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg40_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg40w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:usg60w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004359"
}
]
},
"credits": {
"_id": null,
"data": "Aaron Bishop",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-785"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9955",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-9955",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-13778",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-161390",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-9955",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9955",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-9955",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-13778",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-785",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-161390",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-9955",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13778"
},
{
"db": "VULHUB",
"id": "VHN-161390"
},
{
"db": "VULMON",
"id": "CVE-2019-9955"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004359"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-785"
},
{
"db": "NVD",
"id": "CVE-2019-9955"
}
]
},
"description": {
"_id": null,
"data": "On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized \u0027mp_idx\u0027 parameter. plural ZyXEL The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZyXELZyWall310 and other products are all products of ZyXEL Corporation of Taiwan, China. ZyXELZyWall310 is a 310 series VPN firewall device. ZyXELZyWall110 is a 110 series VPN firewall device. The ZyXELUSG1900 is a next-generation unified security gateway device. A cross-site scripting vulnerability exists in several Zyxel products that stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. ZyXEL ZyWall 310, etc. The following products are affected: Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, Zy0WALL ",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9955"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004359"
},
{
"db": "CNVD",
"id": "CNVD-2019-13778"
},
{
"db": "VULHUB",
"id": "VHN-161390"
},
{
"db": "VULMON",
"id": "CVE-2019-9955"
}
],
"trust": 2.34
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=46706",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9955"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9955",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "152525",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "46706",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004359",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-785",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13778",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161390",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9955",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13778"
},
{
"db": "VULHUB",
"id": "VHN-161390"
},
{
"db": "VULMON",
"id": "CVE-2019-9955"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004359"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-785"
},
{
"db": "NVD",
"id": "CVE-2019-9955"
}
]
},
"id": "VAR-201904-0115",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13778"
},
{
"db": "VULHUB",
"id": "VHN-161390"
}
],
"trust": 1.2644510616666667
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13778"
}
]
},
"last_update_date": "2024-11-23T23:04:48.660000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Zyxel security advisory for reflected cross-site scripting vulnerability of firewalls",
"trust": 0.8,
"url": "https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml"
},
{
"title": "CVEs",
"trust": 0.1,
"url": "https://github.com/irbishop/CVEs "
},
{
"title": "CVEs",
"trust": 0.1,
"url": "https://github.com/irbishop/CVE "
},
{
"title": "nuclei-templates",
"trust": 0.1,
"url": "https://github.com/storenth/nuclei-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/Elsfa7-110/kenzer-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/ARPSyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-9955"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004359"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161390"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004359"
},
{
"db": "NVD",
"id": "CVE-2019-9955"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://www.securitymetrics.com/blog/zyxel-devices-vulnerable-cross-site-scripting-login-page"
},
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2019/apr/22"
},
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/152525/zyxel-zywall-cross-site-scripting.html"
},
{
"trust": 1.8,
"url": "https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/46706/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9955"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9955"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/46706"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/irbishop/cves"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13778"
},
{
"db": "VULHUB",
"id": "VHN-161390"
},
{
"db": "VULMON",
"id": "CVE-2019-9955"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004359"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-785"
},
{
"db": "NVD",
"id": "CVE-2019-9955"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13778",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-161390",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-9955",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004359",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201904-785",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9955",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13778",
"ident": null
},
{
"date": "2019-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-161390",
"ident": null
},
{
"date": "2019-04-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9955",
"ident": null
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004359",
"ident": null
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-785",
"ident": null
},
{
"date": "2019-04-22T20:29:00.447000",
"db": "NVD",
"id": "CVE-2019-9955",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13778",
"ident": null
},
{
"date": "2019-04-30T00:00:00",
"db": "VULHUB",
"id": "VHN-161390",
"ident": null
},
{
"date": "2019-04-30T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9955",
"ident": null
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004359",
"ident": null
},
{
"date": "2019-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-785",
"ident": null
},
{
"date": "2024-11-21T04:52:39.943000",
"db": "NVD",
"id": "CVE-2019-9955",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "plural ZyXEL Product cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004359"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-785"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2019-06-27 14:15
Modified
2024-11-21 04:23
Severity ?
Summary
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | uag2100_firmware | * | |
| zyxel | uag2100 | - | |
| zyxel | uag4100_firmware | * | |
| zyxel | uag4100 | - | |
| zyxel | uag5100_firmware | * | |
| zyxel | uag5100 | - | |
| zyxel | usg110_firmware | * | |
| zyxel | usg110 | - | |
| zyxel | usg210_firmware | * | |
| zyxel | usg210 | - | |
| zyxel | usg310_firmware | * | |
| zyxel | usg310 | - | |
| zyxel | usg1100_firmware | * | |
| zyxel | usg1100 | - | |
| zyxel | usg1900_firmware | * | |
| zyxel | usg1900 | - | |
| zyxel | usg2200-vpn_firmware | * | |
| zyxel | usg2200-vpn | - | |
| zyxel | zywall_vpn100_firmware | * | |
| zyxel | zywall_vpn100 | - | |
| zyxel | zywall_vpn300_firmware | * | |
| zyxel | zywall_vpn300 | - | |
| zyxel | zywall_110_firmware | * | |
| zyxel | zywall_110 | - | |
| zyxel | zywall_310_firmware | * | |
| zyxel | zywall_310 | - | |
| zyxel | zywall_1100_firmware | * | |
| zyxel | zywall_1100 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ECFD77B-1D28-4980-B6BF-3044D73355E8",
"versionEndIncluding": "4.18\\(aaiz.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:uag2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAEE8768-0E03-4CD1-8359-A43C561E0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:uag4100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D27376-0C62-44CD-8CA1-5C8B570C8232",
"versionEndIncluding": "4.18\\(aatd.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:uag4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B73627B-82A3-45C7-BEF0-39A703D5A91B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:uag5100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7458A1BE-4324-423F-B78D-31BAB1B40565",
"versionEndIncluding": "4.18\\(aapn.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:uag5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4680F0CF-486F-40D9-BE15-36E9E620DDB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AE7A03-A2F8-42BC-AB02-974391D7BDB3",
"versionEndIncluding": "4.33\\(aaph.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8168138F-9867-4EAC-B5B7-D624B13FD16A",
"versionEndIncluding": "4.33\\(aapi.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6922979-22DA-413C-B066-45C6342ECAEF",
"versionEndIncluding": "4.33\\(aapj.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F302801D-3720-4598-8458-A8938BD6CB46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E174E5-E76C-4415-911E-65AD07CFCBBD",
"versionEndIncluding": "4.33\\(aapk.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8F4182-5259-4A05-BFCF-A77482691794",
"versionEndIncluding": "4.33\\(aapl.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60F4E816-C4D3-451A-965C-45387D7DEB5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg2200-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845ADB93-B13D-49AB-96AE-1663013B97FC",
"versionEndIncluding": "4.33\\(abae.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg2200-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CB2401-479A-4124-B03F-589D7C1061FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D269DD7-A606-491A-BDC7-02049AC18C87",
"versionEndIncluding": "10.02\\(abfv.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BEFC3AA-7927-4226-A0D1-B024F19D050E",
"versionEndIncluding": "10.02\\(abfc.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABACC81-93A0-45EA-BBF7-AA946B9D1DDB",
"versionEndIncluding": "4.33\\(aaaa.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E119B7-A4CD-4CF1-945E-0F6FC3B2A625",
"versionEndIncluding": "4.33\\(aaab.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AF9535-452F-4448-B60B-00AAE00AEAFF",
"versionEndIncluding": "4.33\\(aaac.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Access Control in the \"Free Time\" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service."
},
{
"lang": "es",
"value": "El control de acceso que falta en el componente \"Tiempo libre\" de varios dispositivos Zyxel UAG, USG y ZyWall permite que un atacante remoto genere cuentas de invitado al acceder directamente al generador de cuentas. Esto puede llevar a un acceso no autorizado a la red o a una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2019-12583",
"lastModified": "2024-11-21T04:23:08.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-27T14:15:10.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-02 11:15
Modified
2024-11-21 06:11
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB64698-F450-405C-9D27-EE5A34466835",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60F4E816-C4D3-451A-965C-45387D7DEB5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37AB8F08-EEEB-4318-8A5F-10211B61E852",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ED3A6D-68BC-48F6-AC34-99C5C012AF85",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F302801D-3720-4598-8458-A8938BD6CB46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C0676F-CA90-4E29-8131-AD2026E8E79D",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F17EF47-19AE-40BC-B547-B5900CC6D627",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DED36D6-2286-4CDF-BACF-48403F3FCCE0",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E355564-3F7A-4EE4-AD65-A84B78BB5395",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23F9913B-2AE5-4B07-9EED-5A5F18B3F541",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D485C08-FC2E-4569-BB49-249F7BDA149C",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB1AAB7-AACC-4535-8C30-2D1FF7B2D647",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3082ED-A564-494D-8427-B61F15F6DD88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9755AA21-D626-453A-A7E1-0069832E861A",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6626D8CA-2E58-46F7-9592-4922A3E6DF79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg2000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EDA25D-48DE-4B4A-9792-D9587A6FB8FC",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "748C9FE8-E66D-480F-9688-75E563332A23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC24EC0-FA7F-4500-A9CB-4854286DD67D",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5C3A2C-12EA-4FAE-B088-665A90494685",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01B72080-1F0E-484D-8929-67BC2585E62B",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B44BD562-5D3A-4E4F-B648-6E2D1F0B02C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABDA4AA0-FE83-400C-A7AE-001611225552",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE138A97-1AB8-493D-92AA-276DFA40E14F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EAAF268-7195-4884-B90E-93054A8CAC95",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "656D8467-02C4-43F6-A64B-998300D71814",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8B5062-6330-4369-9D7F-EA54E6A990E9",
"versionEndIncluding": "4.64",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7F15F3-9A55-462F-8AE3-EE71B759DE68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6718F421-40F9-4599-9720-9F3461AD0693",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE8626E7-8B32-4F54-9078-2C7E182783F7",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D39FB8E-FF0D-40D2-A92D-FB1B2C89D29D",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "686F56DF-BE47-4A17-A275-F7F0F38A16CF",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "789C6F4B-1592-40C2-9DE1-1C436F6F2A2B",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B332B58-AF42-45E3-B224-9AD745485A14",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A899D2DE-8C74-4EA1-BD87-B8BF37CBFB6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A33C164A-F565-47AB-8F8C-3D418F36638B",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F65954-FF1A-46A4-A003-FF8B9666880A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "817D54B2-A13E-4105-B63D-A0474BC63CD7",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F6D0AA-CDD4-4F1C-98F1-1B381023B3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1F9383-C537-4B57-B3B1-61F5E7165642",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA85BCA2-CEF5-44EF-BEFB-5DA2638F5F37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9AF0390-357C-4249-A7CF-EE902836A2FE",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D50CC94B-4EAA-44A7-AEF1-415491572FB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FECB2D46-3776-4059-8F01-164641965C84",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC7EB91-65C4-45EA-9CB4-3B3961724DCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA23975-C587-4BC1-986A-55DA451A05CB",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D902D9D2-5215-4A70-9D16-F1C3BA10EE18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24FD0B6C-EA3E-4AAC-BCFD-A58F0996988E",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6762B13C-6FD5-49D7-B2D6-4986BAC3D425",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC931102-95D8-4BF4-AA6B-F8F6CC4024C7",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C35A94-304B-46FB-BAA0-4E0C4F34BEDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05F5F64E-3020-4453-A183-454EF80025A7",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECA11E7-4DCE-4030-9602-F7336A434817",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg2200-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0ED8D58-62BA-4225-8C68-0E8D75FB936C",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg2200-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CB2401-479A-4124-B03F-589D7C1061FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4763C9-EC74-4CAE-8A72-162E51ABBA9E",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D54C6A9-B282-4B5C-BAB0-24FB03415FA4",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A67D33-EF8E-4B70-891A-51DD5B4680D8",
"versionEndIncluding": "5.01",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de la autenticaci\u00f3n en la interfaz de administraci\u00f3n basada en web de Zyxel USG/Zywall series versiones de firmware 4.35 hasta 4.64 y USG Flex, ATP, y VPN versiones de firmware 4.35 hasta 5.01, que podr\u00eda permitir a un atacante remoto ejecutar comandos arbitrarios en un dispositivo afectado"
}
],
"id": "CVE-2021-35029",
"lastModified": "2024-11-21T06:11:42.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-02T11:15:08.930",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-04 20:15
Modified
2025-02-07 13:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2
References
Impacted products
{
"cisaActionDue": "2022-04-15",
"cisaExploitAdd": "2022-03-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zyxel Multiple NAS Devices OS Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEC76CA-9F2C-4A44-93C5-C131E68B9A5E",
"versionEndExcluding": "5.21\\(aazf.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nas520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09DE98E7-CE8E-4F45-9F1E-4A4345FBD443",
"versionEndExcluding": "5.21\\(aasz.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nas520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07B2BA3D-40F0-4D59-8838-B226FAABF27E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "511D5E0C-9110-4505-8DC6-5C06A10CBC20",
"versionEndExcluding": "5.21\\(aatb.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F7264C-D32A-4EE9-BADC-78518D762BCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "608792D0-44B3-4A07-A48C-D3D71F26056D",
"versionEndExcluding": "5.21\\(abag.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B482F4E-6E1B-45BD-A114-C389E2CD7542",
"versionEndExcluding": "4.35\\(abps.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DE3AD47-1C82-4B8B-87F4-E545A7DAFE5C",
"versionEndExcluding": "4.35\\(abfw.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "352E7F31-76DB-4786-BCC0-E11F43550EB1",
"versionEndExcluding": "4.35\\(abfu.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92E70F0C-D446-47B2-809B-D4680DAF13FC",
"versionEndExcluding": "4.35\\(abiq.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB019CF4-75AA-4CB0-BA44-42BE620C03B3",
"versionEndExcluding": "4.35\\(abaq.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C621E3-DD7D-4FD0-AD1F-6D7BFDCA38F7",
"versionEndExcluding": "4.35\\(abar.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E638CFB-A13D-429D-A8E7-275959673ED6",
"versionEndExcluding": "4.35\\(aala.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB73D7EE-6A50-4DA5-B9A3-36E39244FF23",
"versionEndExcluding": "4.35\\(aalb.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1183A743-F349-4D93-8943-C80F8976A2BE",
"versionEndExcluding": "4.35\\(aaky.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0D184B-31BB-4808-AF97-03599283F181",
"versionEndExcluding": "4.35\\(aakz.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8598C1A4-10CE-4092-9339-217AA27FF14D",
"versionEndExcluding": "4.35\\(aaph.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B42E5510-F6BB-40DA-8115-4D324DDCF5B2",
"versionEndExcluding": "4.35\\(aapi.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE7E2A7-3083-4AB7-ABA8-9EE8585DA1C1",
"versionEndExcluding": "4.35\\(aapj.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F302801D-3720-4598-8458-A8938BD6CB46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDB08DB-DFBD-4A3C-86FD-5383D4B60248",
"versionEndExcluding": "4.35\\(aapk.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAED492E-9FDD-4F6F-91E0-6EDA3036C725",
"versionEndExcluding": "4.35\\(aapl.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60F4E816-C4D3-451A-965C-45387D7DEB5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A54DCF88-38E3-4660-ABC2-829B2DA5C445",
"versionEndExcluding": "4.35\\(abae.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "231547C3-33B8-42B7-983E-AA3C6CA5D107",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFB5E9D-75AD-4696-8EDF-A7726B5F2809",
"versionEndExcluding": "4.35\\(abhl.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5C5E12-CDDB-4DDF-AAA8-4AB499F5925F",
"versionEndExcluding": "4.35\\(abfv.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0120A42B-EA67-44DC-BE04-FECF0279187C",
"versionEndExcluding": "4.35\\(abfc.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A71B4358-0E6F-496E-BFCF-0B368CBD1D09",
"versionEndExcluding": "4.35\\(abip.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "025A43D2-42C3-4AEC-9C2E-61BAEB428545",
"versionEndExcluding": "4.35\\(aaaa.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2347F91E-8AA3-4EB5-AD7F-7602A46C20BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB2E4BB-5684-4081-B9BA-80808E8ADD6F",
"versionEndExcluding": "4.35\\(aaab.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A97613C-26EF-481E-9215-197FE7A9D1C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "536BDA9F-4A29-4C59-8C39-F54794BE3026",
"versionEndExcluding": "4.35\\(aaac.3\\)c0",
"versionStartIncluding": "4.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53A5732E-193B-4017-A434-A76BE80E20D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2"
},
{
"lang": "es",
"value": "M\u00faltiples dispositivos network-attached storage (NAS) de ZyXEL cuando ejecutan la versi\u00f3n de firmware 5.21 contienen una vulnerabilidad de inyecci\u00f3n de comando previa a la autenticaci\u00f3n, que puede permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario sobre un dispositivo vulnerable. Los dispositivos NAS de ZyXEL alcanzan la autenticaci\u00f3n utilizando el archivo ejecutable CGI weblogin.cgi. Este programa no puede sanear apropiadamente el par\u00e1metro username que se le pas\u00f3. Si el par\u00e1metro de username contiene determinados caracteres, puede permitir una inyecci\u00f3n de comandos con los privilegios del servidor web que se ejecuta en el dispositivo ZyXEL. Aunque el servidor web no es ejecutado como el usuario root, los dispositivos ZyXEL incluyen una utilidad setuid que puede ser aprovechada para ejecutar cualquier comando con privilegios root. Como tal, se debe suponer que la explotaci\u00f3n de esta vulnerabilidad puede conducir a la ejecuci\u00f3n remota de c\u00f3digo con privilegios root. Mediante el env\u00edo de una petici\u00f3n HTTP POST o GET especialmente dise\u00f1ada hacia un dispositivo ZyXEL vulnerable, un atacante remoto no autenticado puede ejecutar c\u00f3digo arbitrario en el dispositivo. Esto puede presentarse al conectar directamente a un dispositivo si es expuesto directamente a un atacante. Sin embargo, existen maneras de activar tales peticiones dise\u00f1adas inclusive si un atacante no posee conectividad directa con dispositivos vulnerables. Por ejemplo, simplemente visitando un sitio web puede comprometer cualquier dispositivo ZyXEL al que se pueda acceder desde el sistema cliente. Los productos afectados incluyen: NAS326 antes de la versi\u00f3n de firmware V5.21(AAZF.7)C0, NAS520 antes de la versi\u00f3n de firmware V5.21(AASZ.3)C0, NAS540 antes de la versi\u00f3n de firmware V5.21(AATB.4)C0 NAS542 antes de la versi\u00f3n de firmware V5.21(ABAG.4)C0. ZyXEL ha puesto a disposici\u00f3n actualizaciones de firmware para dispositivos NAS326, NAS520, NAS540 y NAS542. Modelos afectados que se encuentran en el final del soporte: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 y NSA325v2."
}
],
"id": "CVE-2020-9054",
"lastModified": "2025-02-07T13:15:31.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-03-04T20:15:10.750",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/artifacts/cve-2020-9054.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/498544/"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/artifacts/cve-2020-9054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/498544/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-27 18:15
Modified
2024-12-12 16:23
Severity ?
Summary
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E32879-01A2-49B1-A354-068CEB1CA3A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92CE6F04-403B-4A52-A3A5-DD0190CF15D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F7F370-C585-45FE-A7F7-40BFF13928CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38B7995C-80E0-413B-9F2C-387EF3703927",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D84DDB81-DE66-4427-8833-633B45A45A14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F11F36C-60DB-4D81-A320-53EEE43758C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C65DB5E9-2FE3-4807-970E-A42FDF82B50E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82864EF6-B63D-4947-A18C-AE0156CCA7FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60F4E816-C4D3-451A-965C-45387D7DEB5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg2200-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CB2401-479A-4124-B03F-589D7C1061FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F302801D-3720-4598-8458-A8938BD6CB46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40B7360-E9B0-4198-8163-CEADE7525E66",
"versionEndIncluding": "4.55",
"versionStartIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa1123-ac_hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0FB576-76A2-4A25-979E-5E5B3BF5C636",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa1123-ac_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145723DB-C34B-4C2A-B3C2-7A5CFEF503CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC41216-BA1D-4D89-BA08-4A3EDC9EA6B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa1123-acv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49C40B96-55B2-44AA-A75A-92EEEE93371C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac5302d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AA4FC1-E3E4-499F-B0C1-22B738DA4DA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa5120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "109301CB-1A6F-4FF2-A64E-55D698A601CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa5301-nj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328EB14D-84E9-4F4B-8277-43F52644AE7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22BA1F7B-B2D2-44D6-83A4-859DF7BAC001",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6303d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F08117-0BCE-4EA1-8DA7-1AC4EFF67E2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B504AA70-D60A-4158-B3A5-BADBED2F8BAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wac6100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "227EDB1C-0070-4B5D-9070-B4717DB3DF08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC4D19-A1FA-4539-A672-46207670D9DF",
"versionEndIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:-:*:*:*:*:*:*",
"matchCriteriaId": "23C1F0FA-38F5-4EA0-AEE0-219C34DCCE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch1:*:*:*:*:*:*",
"matchCriteriaId": "A3B4EC91-B091-474F-B2E9-4DF474746547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch2:*:*:*:*:*:*",
"matchCriteriaId": "D3831184-A454-4E0D-9B1D-653C5FF7A6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch3:*:*:*:*:*:*",
"matchCriteriaId": "CC14EDB3-613B-4531-9581-1A9687E27ECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch4:*:*:*:*:*:*",
"matchCriteriaId": "C5B8CBD3-5115-4813-A372-66C0312DA95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch5:*:*:*:*:*:*",
"matchCriteriaId": "725083DF-B9BE-45DD-B999-511528F2C4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch6:*:*:*:*:*:*",
"matchCriteriaId": "0B9218D6-0DBF-45A8-ABED-AAC6C800B88F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:access_points_firmware:6.10:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5D785597-7B27-4910-A4A0-0E2968CA7488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nwa1302-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA514BB-B688-4EBD-9530-F5112F7503F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el archivo fbwifi_continue.cgi en Zyxel serie UTM y VPN de puertas de enlace que ejecutan la versi\u00f3n de firmware V4.30 hasta la V4.55, lo que permite a atacantes remotos no autenticados ejecutar c\u00f3digo arbitrario por medio de un paquete http dise\u00f1ado"
}
],
"id": "CVE-2020-25014",
"lastModified": "2024-12-12T16:23:25.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-27T18:15:11.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://businessforum.zyxel.com/categories/security-news-and-release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://businessforum.zyxel.com/categories/security-news-and-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-27 15:15
Modified
2024-11-21 04:23
Severity ?
Summary
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | uag2100_firmware | * | |
| zyxel | uag2100 | - | |
| zyxel | uag4100_firmware | * | |
| zyxel | uag4100 | - | |
| zyxel | uag5100_firmware | * | |
| zyxel | uag5100 | - | |
| zyxel | usg110_firmware | * | |
| zyxel | usg110 | - | |
| zyxel | usg210_firmware | * | |
| zyxel | usg210 | - | |
| zyxel | usg310_firmware | * | |
| zyxel | usg310 | - | |
| zyxel | usg1100_firmware | * | |
| zyxel | usg1100 | - | |
| zyxel | usg1900_firmware | * | |
| zyxel | usg1900 | - | |
| zyxel | usg2200-vpn_firmware | * | |
| zyxel | usg2200-vpn | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ECFD77B-1D28-4980-B6BF-3044D73355E8",
"versionEndIncluding": "4.18\\(aaiz.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:uag2100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAEE8768-0E03-4CD1-8359-A43C561E0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:uag4100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D27376-0C62-44CD-8CA1-5C8B570C8232",
"versionEndIncluding": "4.18\\(aatd.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:uag4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B73627B-82A3-45C7-BEF0-39A703D5A91B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:uag5100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7458A1BE-4324-423F-B78D-31BAB1B40565",
"versionEndIncluding": "4.18\\(aapn.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:uag5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4680F0CF-486F-40D9-BE15-36E9E620DDB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A89EA1-35FB-42DB-9F3D-050569A04609",
"versionEndIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4A1A1F-C3D5-4376-95CF-438EB912E2E3",
"versionEndIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33CCF40D-933E-43ED-BC21-A2E882A2722C",
"versionEndIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F302801D-3720-4598-8458-A8938BD6CB46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F578840A-0983-4098-A669-9B2C1A771CB3",
"versionEndIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE81082-8528-498F-958F-BCBD7FE28EE8",
"versionEndIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60F4E816-C4D3-451A-965C-45387D7DEB5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg2200-vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36787E1F-7E98-4CB1-8CBB-F0903EF4203F",
"versionEndIncluding": "4.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg2200-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CB2401-479A-4124-B03F-589D7C1061FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad reflexiva de cross-site-scripting (XSS) en el programa free_time_failed.cgi CGI en dispositivos seleccionados Zyxel ZyWall, USG y UAG permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro err_msg."
}
],
"id": "CVE-2019-12581",
"lastModified": "2024-11-21T04:23:08.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-27T15:15:09.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-in-zxel-zywall/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/us/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-in-zxel-zywall/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/us/en/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-22 22:15
Modified
2025-02-04 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
References
Impacted products
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "660A9038-66FB-4F71-BA50-8ED69C2E2274",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "E892C61D-80DE-4FA4-9224-1B3C72A31F57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "29398F33-D8B4-432D-A075-4454DA1B23F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40w_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "BA146A61-7B27-4E48-87C1-A82F45FB692A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "14F685CA-FBD9-4A00-BB23-BF914DFE41D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60w_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "022CF987-20A8-4450-A8B8-94AF2F2D453E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg110_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "7540894B-A1EF-40C3-ABD3-D58CDB45622F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg210_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "6556E988-676D-4E7A-BDC2-A53256548FEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg310_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "56EF63D0-63DD-4EFD-AE7A-5680710AE573",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F302801D-3720-4598-8458-A8938BD6CB46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1100_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "8451A4C8-2023-41A4-81A9-91565CEC6918",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1900_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "7391C72E-CAB3-4FAD-9FB6-789F48516C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60F4E816-C4D3-451A-965C-45387D7DEB5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg2200_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B7B49D-7DB2-4D44-AC55-6B1F828B512D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "231547C3-33B8-42B7-983E-AA3C6CA5D107",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall110_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "52922CA2-1C1E-4972-A52E-D9FA84BCC4C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2347F91E-8AA3-4EB5-AD7F-7602A46C20BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall310_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C9336382-E759-4869-9B59-57366E176CA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A97613C-26EF-481E-9215-197FE7A9D1C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall1100_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "271DE232-FAED-48A1-891C-33A6FDBA9EAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53A5732E-193B-4017-A434-A76BE80E20D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC9FE97-6B7D-41E8-879C-572B23CB1105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "61489A79-AAF5-4347-9E10-73F139D30EE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "BB876002-669D-4052-B1B0-DA8F0B4EC500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3E6231DF-ADB3-43A9-AC3B-C72905584B05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDC5E3D-2103-4545-8611-B1C49B4B5BAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "246B2EF8-6412-4E69-91A5-B394BF4D299F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A568BA-58D3-400C-9742-8E966C90D83E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "65E48F65-A408-4A93-BBBC-44D5054D9841",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2E5F78-7F7B-46BA-A7B1-0A49F4A6509D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "E39AE158-E577-403B-867E-CCD5F8EE5FC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "14484416-6575-4E23-96A7-F37936F75BAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "A0597006-8FA7-4622-9C13-AFE9767CADE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "28D39C78-DD5A-47FB-9590-B79AABA1038B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "438B93F0-7CBF-49E9-B556-CFEFE2E6EED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:4.60:*:*:*:*:*:*:*",
"matchCriteriaId": "414BCC73-277B-48FD-8273-B33A780806D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges."
},
{
"lang": "es",
"value": "La versi\u00f3n de firmware 4.60 de los dispositivos Zyxel USG contiene una cuenta no documentada (zyfwp) con una contrase\u00f1a que no puede ser cambiada.\u0026#xa0;La contrase\u00f1a para esta cuenta se puede encontrar en texto sin cifrar en el firmware.\u0026#xa0;Esta cuenta puede ser usada por alguien para iniciar sesi\u00f3n en el servidor ssh o en la interfaz web con privilegios de administrador"
}
],
"id": "CVE-2020-29583",
"lastModified": "2025-02-04T21:15:19.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-12-22T22:15:14.443",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/CVE-2020-29583.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/security_advisories.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/CVE-2020-29583.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/security_advisories.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-22 20:29
Modified
2024-11-21 04:52
Severity ?
Summary
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | atp200_firmware | 4.31 | |
| zyxel | atp200 | - | |
| zyxel | atp500_firmware | 4.31 | |
| zyxel | atp500 | - | |
| zyxel | atp800_firmware | 4.31 | |
| zyxel | atp800 | - | |
| zyxel | usg20-vpn_firmware | 4.31 | |
| zyxel | usg20-vpn | - | |
| zyxel | usg20w-vpn_firmware | 4.31 | |
| zyxel | usg20w-vpn | - | |
| zyxel | usg40_firmware | 4.31 | |
| zyxel | usg40 | - | |
| zyxel | usg40w_firmware | 4.31 | |
| zyxel | usg40w | - | |
| zyxel | usg60_firmware | 4.31 | |
| zyxel | usg60 | - | |
| zyxel | usg60w_firmware | 4.31 | |
| zyxel | usg60w | - | |
| zyxel | usg110_firmware | 4.31 | |
| zyxel | usg110 | - | |
| zyxel | usg210_firmware | 4.31 | |
| zyxel | usg210 | - | |
| zyxel | usg310_firmware | 4.31 | |
| zyxel | usg310 | - | |
| zyxel | usg1100_firmware | 4.31 | |
| zyxel | usg1100 | - | |
| zyxel | usg1900_firmware | 4.31 | |
| zyxel | usg1900 | - | |
| zyxel | usg2200-vpn_firmware | 4.31 | |
| zyxel | usg2200-vpn | - | |
| zyxel | zywall_110_firmware | 4.31 | |
| zyxel | zywall_110 | - | |
| zyxel | zywall_310_firmware | 4.31 | |
| zyxel | zywall_310 | - | |
| zyxel | zywall_1100_firmware | 4.31 | |
| zyxel | zywall_1100 | - | |
| zyxel | vpn50_firmware | - | |
| zyxel | vpn50 | - | |
| zyxel | vpn100_firmware | - | |
| zyxel | vpn100 | - | |
| zyxel | vpn300_firmware | - | |
| zyxel | vpn300 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "A0490C84-596F-48E7-A9EC-F22AC71C645A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "205C9D58-FB8B-486A-81AF-D55D0B6550CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB5D8BA-658C-409B-8D75-DA9C33DCB91B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C73CD6FB-DDC7-4C71-932F-1B945F8BF5DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1BD569-475E-47AC-B0FA-0E2E7A78D0E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "FD0266E1-34D4-4875-960E-4549E062BD64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg40w_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C81C76F5-C81A-4AF3-8CC3-7BB560D07500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "D709F4D3-B94D-40A7-AFDF-235DCBBF34BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg60w_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B031CA-1C69-4E04-846F-9D6BBA2F40F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg110_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "D8018BB3-EF08-4FB7-A8FD-DF69F203D6E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg210_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "28A4D6DA-18D4-4214-9305-C15AA69581E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg310_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "737B376F-7CFF-4863-9C3B-43B033F17732",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F302801D-3720-4598-8458-A8938BD6CB46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1100_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "441D2612-E0E3-4123-94FC-6A1B7AD74203",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg1900_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "828A57FD-E3EB-4E42-ACEB-A660B13AF5FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60F4E816-C4D3-451A-965C-45387D7DEB5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:usg2200-vpn_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4E83E1-B78F-40FF-8EEC-0AB4A1E484E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:usg2200-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CB2401-479A-4124-B03F-589D7C1061FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF4C9AA-CCF9-4457-9BAD-056686ECC7B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "22D33EC8-AA9B-4BE9-9BE0-239CAD587E1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "886C5968-ACD9-411F-B6D2-00DB0A18BAE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2834B453-1A34-47D2-8E65-030219AFED6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4182F61A-D7FE-43EF-A884-9B2640EB78E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B30794EC-E419-448E-8C9F-E8BB583E1AE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized \u0027mp_idx\u0027 parameter."
},
{
"lang": "es",
"value": "En dispositivos Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100. La p\u00e1gina de inicio de sesi\u00f3n del servidor de seguridad es vulnerable a Reflected XSS por medio del par\u00e1metro \u0027mp_idx\u0027 no saneado."
}
],
"id": "CVE-2019-9955",
"lastModified": "2024-11-21T04:52:39.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-22T20:29:00.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/22"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46706/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Apr/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46706/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}