CVE-2018-19326
published 2018-11-17

CVE-2018-19326: Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.

Priority: P357, high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 8.18% (94.2th percentile)

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | vmg1312-b10d_firmware | < 5.13(aaxa.8)c0 | 5.13(aaxa.8)c0 |

Detection & IOCs (extracted from sources)

path: /../../../../../../../../../../../../etc/passwd
  • Detect exploitation attempts by matching HTTP responses containing 'application/octet-stream' Content-Type header combined with a body matching 'root:.*:0:0:' (passwd file content).
  • Hunt for Zyxel VMG1312-B10D devices exposed on the internet using Shodan query 'http.html:"VMG1312-B10D"' or FOFA query 'body="vmg1312-b10d"'.
  • Detect directory traversal attack requests containing repeated '/../' sequences in the URL path targeting this device.
  • The vulnerability affects Zyxel VMG1312-B10D devices running firmware versions before 5.13(AAXA.8)C0 only; patched devices are not affected.
  • Exploitation requires no authentication (PR:N, UI:N), meaning any unauthenticated remote attacker can trigger the traversal without credentials.
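
The request and response indicators above, combined into one classifier for proxy or sensor records. This is an added example, not part of the original page or any vendor tooling. The record field names, the sample exchanges and the percent-decoding step are assumptions; decoding goes beyond the literal '/../' match the page describes so that encoded variants are also caught.

```python
import re
from urllib.parse import unquote

# "Repeated" traversal: two or more consecutive "../" segments in the decoded path.
TRAVERSAL = re.compile(r"(?:\.\./){2,}")
# Response indicator quoted on the page: a passwd-style root entry.
PASSWD_ROOT = re.compile(r"root:.*:0:0:")

def decode_path(raw, rounds=3):
    """Percent-decode up to `rounds` times so %2e%2e%2f and double encoding normalise."""
    path = raw
    for _ in range(rounds):
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path.replace("\\", "/")

def classify(exchange):
    """Classify one request/response record (hypothetical dict layout)."""
    traversal = bool(TRAVERSAL.search(decode_path(exchange["path"])))
    ctype = exchange.get("content_type", "").split(";")[0].strip().lower()
    leaked = (ctype == "application/octet-stream"
              and bool(PASSWD_ROOT.search(exchange.get("body", ""))))
    if traversal and leaked:
        return "leak"           # traversal request answered with passwd content
    if traversal:
        return "attempt"        # traversal request, no passwd content returned
    if leaked:
        return "response-only"  # passwd content without a matching request path
    return "clean"

# Constructed sample records, not captured traffic.
SAMPLES = [
    {"path": "/../../../../../../../../../../../../etc/passwd",
     "content_type": "application/octet-stream",
     "body": "root:x:0:0:root:/:/bin/sh\n"},
    {"path": "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
     "content_type": "text/html", "body": "<html>Not Found</html>"},
    {"path": "/images/../logo.png",
     "content_type": "image/png", "body": ""},
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(classify(record), record["path"])
```

A "leak" verdict means the device returned file content and should be treated as unpatched; an "attempt" alone shows probing, which a device on 5.13(AAXA.8)C0 or later is expected to reject.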

CVSS provenance

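| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |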