CVE-2018-19326

Name of the Vulnerable Software and Affected Versions Zyxel VMG1312-B10D versions prior to 5.13(AAXA.8)C0

Description The issue is related to insufficient checks on directory path names, allowing a remote attacker to access restricted information using a specially crafted URL request containing ../ sequences. This can potentially lead to reading sensitive files, such as /etc/passwd.

Recommendations For versions prior to 5.13(AAXA.8)C0, update to version 5.13(AAXA.8)C0 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected directory traversal functionality until a patch is applied.