CVE-2019-17354

CWE-306Missing Authentication3 documents3 sources
Severity
9.4CRITICAL
EPSS
0.3%
top 46.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zyxel Nbg-418n V2 Firmware
Timeline
PublishedOct 9
Latest updateMay 24

Description

wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:HExploitability: 3.9 | Impact: 5.5

Affected Packages1 packages

NVDzyxel/nbg-418n_v2_firmware1.00\(aarp.9\)c0

🔴Vulnerability Details

2
GHSA
GHSA-6cg4-5972-gc2x: wan2022-05-24
CVEList
CVE-2019-17354: wan2019-10-09
CVE-2019-17354 (CRITICAL CVSS 9.4) | wan.htm page on Zyxel NBG-418N v2 w | cvebase.io