CVE-2017-17550

Name of the Vulnerable Software and Affected Versions: ZyXEL ZyWALL USG versions 2.12 AQQ.2 through 3.30 AQQ.7

Description: The issue allows for a CSRF attack via the "cgi-bin/zysh-cgi" endpoint with a cmd action to add a user account. This added account could then be used for stored XSS attacks.

Recommendations: For versions 2.12 AQQ.2 through 3.30 AQQ.7, as a temporary workaround, consider restricting access to the "cgi-bin/zysh-cgi" endpoint to minimize the risk of exploitation. Avoid using the cmd action in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.