Vulnerability Details CVE-2017-17550
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2017-17550
-
cpe:2.3:h:zyxel:zywall_usg_100:-
-
cpe:2.3:o:zyxel:zywall_usg_100_firmware:2.12(aqq.2)
-
cpe:2.3:o:zyxel:zywall_usg_100_firmware:3.30(aqq.7)