CVE-2019-10633Code Injection in Zyxel Nas326 Firmware

CWE-94Code Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.5%
top 19.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zyxel Nas326 Firmware
Timeline
PublishedApr 9
Latest updateMay 14

Description

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-cchj-4x5r-9r76: An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 52022-05-14
CVEList
CVE-2019-10633: An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 52019-04-09
CVE-2019-10633 — Code Injection in Zyxel | cvebase