Zyxel Nas326 Firmware vulnerabilities

24 known vulnerabilities affecting zyxel/nas326_firmware.

Total CVEs: 24
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 3
Severity breakdown: CRITICAL 10, HIGH 10, MEDIUM 4

Vulnerabilities

Page 2 of 2
CVE-2019-10630 | HIGH | CVSS 8.8 | ≤ 5.21 | 2019-04-09
CWE-522: A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device.
nvd
CVE-2019-10633 | HIGH | CVSS 8.8 | ≤ 5.21 | 2019-04-09
CWE-94: An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
nvd
CVE-2019-10632 | MEDIUM | CVSS 6.5 | ≤ 5.21 | 2019-04-09
CWE-22: A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files.
nvd
CVE-2019-10634 | MEDIUM | CVSS 5.4 | ≤ 5.21 | 2019-04-09
CWE-79: An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.
nvd