CVE-2019-10631OS Command Injection in Zyxel Nas326 Firmware

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 27.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zyxel Nas326 Firmware
Timeline
PublishedApr 9
Latest updateMay 13

Description

Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-wx6c-ph9m-wxqg: Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 52022-05-13
CVEList
CVE-2019-10631: Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 52019-04-09
CVE-2019-10631 — OS Command Injection in Zyxel | cvebase