CVE-2023-22921

Name of the Vulnerable Software and Affected Versions Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0

Description A cross-site scripting (XSS) issue is present in the web management interface, related to insufficient protection of the web page structure when handling parameters. This could allow a remote attacker with administrator privileges to store malicious scripts, resulting in denial-of-service (DoS) conditions on an affected device.

Recommendations For Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0, update to version V1.00(AARP.14)C0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web management interface to minimize the risk of exploitation. Avoid using vulnerable parameters in the web management interface until the issue is resolved.