CVE-2019-12581
Published 2019-06-27
Medium, 6.1 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | uag2100_firmware | <= 4.18(aaiz.1)c0 | — |
| zyxel | uag4100_firmware | <= 4.18(aatd.1)c0 | — |
| zyxel | uag5100_firmware | <= 4.18(aapn.1)c0 | — |
| zyxel | usg1100_firmware | <= 4.30 | — |
| zyxel | usg110_firmware | <= 4.30 | — |
| zyxel | usg1900_firmware | <= 4.30 | — |
| zyxel | usg210_firmware | <= 4.30 | — |
| zyxel | usg2200-vpn_firmware | <= 4.30 | — |
| zyxel | usg310_firmware | <= 4.30 | — |