CVE-2019-12583
published 2019-06-27CVE-2019-12583: Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by…
critical9.1CVSS 3.0
AVNACLPRNUINSUCNIHAH
EXPLOIT
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | uag2100_firmware | <= 4.18\(aaiz.1\)c0 | — |
| zyxel | uag4100_firmware | <= 4.18\(aatd.1\)c0 | — |
| zyxel | uag5100_firmware | <= 4.18\(aapn.1\)c0 | — |
| zyxel | usg1100_firmware | <= 4.33\(aapk.0\)c0 | — |
| zyxel | usg110_firmware | <= 4.33\(aaph.0\)c0 | — |
| zyxel | usg1900_firmware | <= 4.33\(aapl.0\)c0 | — |
| zyxel | usg210_firmware | <= 4.33\(aapi.0\)c0 | — |
| zyxel | usg2200-vpn_firmware | <= 4.33\(abae.0\)c0 | — |
| zyxel | usg310_firmware | <= 4.33\(aapj.0\)c0 | — |
| zyxel | zywall_1100_firmware | <= 4.33\(aaac.0\)c0 | — |
| zyxel | zywall_110_firmware | <= 4.33\(aaaa.0\)c0 | — |
| zyxel | zywall_310_firmware | <= 4.33\(aaab.0\)c0 | — |
| zyxel | zywall_vpn100_firmware | <= 10.02\(abfv.0\)c0 | — |
| zyxel | zywall_vpn300_firmware | <= 10.02\(abfc.0\)c0 | — |