PT-2019-15100 · Zyxel · Zyxel Nbg-418N

D0X0

Published

2019-10-09

Updated

2020-08-24

CVE-2019-17354

CVSS v3.1

9.4

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zyxel NBG-418N v2 version V1.00(AARP.9)C0

Description The issue allows direct access to the wan.htm page without authentication, potentially leading to information disclosure about the WAN. An attacker can also modify data fields on this page.

Recommendations For Zyxel NBG-418N v2 version V1.00(AARP.9)C0, consider restricting access to the wan.htm page until a fix is available. As a temporary workaround, limit modifications to the data fields on this page to prevent potential exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-17354

Affected Products

Zyxel Nbg-418N

PT-2019-15100 · Zyxel · Zyxel Nbg-418N

CVE-2019-17354

Weakness Enumeration

Related Identifiers

Affected Products

References · 4