First published: Tue Feb 07 2023
A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0 could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored malicious scripts, resulting in a denial-of-service (DoS) condition when the user visits the Logs page of the GUI on the device.
Credit: security@zyxel.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel NBG-418N Firmware | <=1.00(aarp.10)c0 | |
ZyXEL NBG-418N | =v2 | |
CVE-2022-45441 is a cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0.
CVE-2022-45441 allows an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable Zyxel NBG-418N v2 device.
The severity of CVE-2022-45441 is high with a CVSS score of 6.1.
To fix CVE-2022-45441, update the Zyxel NBG-418N v2 firmware to V1.00(AARP.13)C0 or later.
More information about CVE-2022-45441 can be found in the Zyxel security advisory at https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-in-nbg-418n-v2-home-router.