Christopher Leech

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series versions 5.10 through 5.37 Zyxel USG FLEX series versions 5.00 through 5.37 Zyxel USG FLEX 50(W) series versions 5.10 through 5.37 Zyxel USG20(W)-VPN series versions 5.10 through 5.37 Zyxel VPN series versions 5.00 through 5.37 **Description** A cross-site scripting (XSS) vulnerability in the CGI program could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could result in the stored malicious scripts being executed to steal cookies when the user visits the specific CGI used for dumping ZTP logs. The vulnerability is related to the lack of protection of the web page structure, which could allow a remote attacker to conduct cross-site scripting attacks and gain unauthorized access to protected information. **Recommendations** For Zyxel ATP series versions 5.10 through 5.37, update to a version that includes a fix for this issue. For Zyxel USG FLEX series versions 5.00 through 5.37, update to a version that includes a fix for this issue. For Zyxel USG FLEX 50(W) series versions 5.10 through 5.37, update to a version that includes a fix for this issue. For Zyxel USG20(W)-VPN series versions 5.10 through 5.37, update to a version that includes a fix for this issue. For Zyxel VPN series versions 5.00 through 5.37, update to a version that includes a fix for this issue. As a temporary workaround, consider disabling the CGI program used for dumping ZTP logs until a patch is available. Restrict access to the vulnerable CGI interface to minimize the risk of exploitation. Avoid using the vulnerable device until the issue is resolved.