CVE-2015-7284

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.0HIGH

EPSS

0.1%

top 76.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nbg-418n Firmware

Timeline

PublishedDec 31

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

▶NVDzyxel/nbg-418n_firmware1.00\(aadz.3\)c0

🔴Vulnerability Details

GHSA

GHSA-f5xm-rhm7-5w9q: Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1↗2022-05-17

▶

CVEList

CVE-2015-7284: Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1↗2015-12-31

▶