PT-2023-1577 · Zyxel · Zyxel Nbg-418N
Mariusz Dalewski · Published 2023-02-06 · Updated 2024-12-06 · CVE-2022-45441
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0
Description
A cross-site scripting (XSS) vulnerability exists in the Zyxel NBG-418N v2 firmware, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could cause the stored scripts to execute in an authenticated user's browser when the user visits the Logs page of the GUI on the device, resulting in a denial-of-service (DoS) condition.
Recommendations
For Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, update to a version that includes the fix for this issue, specifically V1.00(AARP.13)C0 or later. As a temporary workaround, consider restricting access to the Logs page of the GUI to minimize the risk of exploitation. Avoid using the Logs page until the issue is resolved. At the moment, there is no other information about additional mitigation measures.
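To apply the version check from the recommendation across a device inventory, the following added example (not part of the advisory and not Zyxel code) classifies firmware strings against the fixed release. It assumes the string layout `V<major>.<minor>(<model code>.<patch>)C<build>`; the host names and all inventory values other than the fixed version are constructed.

```python
import re

# Fixed release named in the advisory.
FIXED = "V1.00(AARP.13)C0"

# Assumed layout: V<major>.<minor>(<model code>.<patch>)C<build>
_FW = re.compile(r"^V(\d+)\.(\d+)\(([A-Z0-9]+)\.(\d+)\)C(\d+)$")


def parse(fw):
    """Return (model_code, numeric_key), or None if the string does not match."""
    m = _FW.match(fw.strip().upper())
    if not m:
        return None
    major, minor, code, patch, build = m.groups()
    # Compare as integers: as text, "9" would sort after "13".
    return code, (int(major), int(minor), int(patch), int(build))


def classify(fw):
    """Return 'vulnerable', 'fixed' or 'unknown' for one firmware string."""
    parsed = parse(fw)
    fixed_code, fixed_key = parse(FIXED)
    # Unparseable strings and other model codes are never reported as fixed.
    if parsed is None or parsed[0] != fixed_code:
        return "unknown"
    return "fixed" if parsed[1] >= fixed_key else "vulnerable"


# Constructed inventory (hypothetical host names and versions).
INVENTORY = {
    "router-lobby": "V1.00(AARP.9)C0",
    "router-lab": "V1.00(AARP.13)C0",
    "router-branch": "v1.00(aarp.14)c0 ",
    "router-other": "V1.00(ZZZZ.4)C0",   # constructed, different model code
    "router-legacy": "1.00-13",          # constructed, unrecognised format
}


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(fw) for host, fw in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host:14} {INVENTORY[host].strip():20} {status}")
```

Devices reported as `unknown` need manual review rather than being treated as patched.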
Fix
XSS
Affected Products
Zyxel Nbg-418N