First published: Sat Nov 10 2018
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel Zywall Usg 100 Firmware | =2.12(aqq.2) | |
Zyxel Zywall Usg 100 | | |
Zyxel Zywall Usg 100 Firmware | =3.30(aqq.7) | |
The severity of CVE-2017-17550 is high, with a severity value of 8.8.
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability.
The vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) and potentially execute stored XSS attacks.
Apply the latest firmware update provided by ZyXEL to fix the CSRF vulnerability.
You can find more information about CVE-2017-17550 at https://www.shellcode.it/article/cve-2017-17550/