CVE-2019-17354

Published: Oct 9, 2019Modified: Nov 21, 2024

9.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Exploitability: 3.9 / Impact: 5.5

Source: NVD

Description

wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.

Affected (1)

Products: Zyxel: Nbg 418n V2 Firmware

1 product

Nbg 418n V2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nbg 418n V2 Firmware	Version 1.00(aarp.9)c0

Running on/with	Platform Versions
Zyxel Nbg 418n V2	All versions

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://github.com/d0x0/Zyxel-NBG-418N-v2/blob/master/CVE-2019-17354

Source: cve@mitre.org

Third Party Advisory

https://www.zyxel.com/us/en/

Source: cve@mitre.org

Product

https://github.com/d0x0/Zyxel-NBG-418N-v2/blob/master/CVE-2019-17354

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.zyxel.com/us/en/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.