CVE-2023-22921
published 2023-05-01CVE-2023-22921: A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker…
high7.5CVSS 3.1
AVNACLPRHUIRSCCLILAH
A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | nbg-418n_firmware | <= 1.00\(aarp.13\)c0 | — |
| zyxel | nbg-418n_v2_firmware | < V1.00(AARP.14)C0 | V1.00(AARP.14)C0 |