← Back

CVE-2019-12583

nvd nistnuclei
Published: Jun 27, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.

Affected (14)

Zyxel
14 products
Uag2100 Firmware
Uag4100 Firmware
Uag5100 Firmware
Usg110 Firmware
Usg210 Firmware
Usg310 Firmware
Usg1100 Firmware
Usg1900 Firmware
Usg2200 Vpn Firmware
Zywall Vpn100 Firmware
Zywall Vpn300 Firmware
Zywall 110 Firmware
Zywall 310 Firmware
Zywall 1100 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Uag2100 Firmware
Up to 4.18\(aaiz.1\)c0
Running on/withPlatform Versions
Zyxel
Uag2100
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Uag4100 Firmware
Up to 4.18\(aatd.1\)c0
Running on/withPlatform Versions
Zyxel
Uag4100
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Uag5100 Firmware
Up to 4.18\(aapn.1\)c0
Running on/withPlatform Versions
Zyxel
Uag5100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg110 Firmware
Up to 4.33\(aaph.0\)c0
Running on/withPlatform Versions
Zyxel
Usg110
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg210 Firmware
Up to 4.33\(aapi.0\)c0
Running on/withPlatform Versions
Zyxel
Usg210
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg310 Firmware
Up to 4.33\(aapj.0\)c0
Running on/withPlatform Versions
Zyxel
Usg310
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg1100 Firmware
Up to 4.33\(aapk.0\)c0
Running on/withPlatform Versions
Zyxel
Usg1100
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg1900 Firmware
Up to 4.33\(aapl.0\)c0
Running on/withPlatform Versions
Zyxel
Usg1900
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg2200 Vpn Firmware
Up to 4.33\(abae.0\)c0
Running on/withPlatform Versions
Zyxel
Usg2200 Vpn
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Vpn100 Firmware
Up to 10.02\(abfv.0\)c0
Running on/withPlatform Versions
Zyxel
Zywall Vpn100
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Vpn300 Firmware
Up to 10.02\(abfc.0\)c0
Running on/withPlatform Versions
Zyxel
Zywall Vpn300
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall 110 Firmware
Up to 4.33\(aaaa.0\)c0
Running on/withPlatform Versions
Zyxel
Zywall 110
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall 310 Firmware
Up to 4.33\(aaab.0\)c0
Running on/withPlatform Versions
Zyxel
Zywall 310
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall 1100 Firmware
Up to 4.33\(aaac.0\)c0
Running on/withPlatform Versions
Zyxel
Zywall 1100
All versions

Related CWEs

CWE-425
Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (4)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.