CVE-2019-10634

Name of the Vulnerable Software and Affected Versions Zyxel NAS 326 versions 5.21 and below

Description The issue allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields. This can lead to cross-site scripting (XSS) attacks.

Recommendations For Zyxel NAS 326 versions 5.21 and below, update to a version above 5.21 to resolve the issue. As a temporary workaround, consider restricting access to the user, group, and file-share description fields to minimize the risk of exploitation. Avoid using these fields until the issue is resolved.