Vulnerability Details CVE-2019-10631
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2019-10631
-
cpe:2.3:h:zyxel:nas326:-
-
cpe:2.3:o:zyxel:nas326_firmware:-
-
cpe:2.3:o:zyxel:nas326_firmware:5.21