Vulnerability Details CVE-2019-10633
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2019-10633
-
cpe:2.3:h:zyxel:nas326:-
-
cpe:2.3:o:zyxel:nas326_firmware:-
-
cpe:2.3:o:zyxel:nas326_firmware:5.21