Shodan
Vulnerabilities
Vulnerable Software
Zyxel:  Security Vulnerabilities
CVE-2019-10630
A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-04-09
CVE-2019-10631
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.
CVSS Score
8.8
EPSS Score
0.009
Published
2019-04-09
CVE-2019-10632
A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-04-09
CVE-2019-10633
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
CVSS Score
8.8
EPSS Score
0.015
Published
2019-04-09
CVE-2019-10634
An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-04-09
CVE-2019-7391
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
CVSS Score
8.8
EPSS Score
0.009
Published
2019-03-21
CVE-2019-6710
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-03-07
CVE-2018-14892
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.
CVSS Score
8.8
EPSS Score
0.018
Published
2018-11-27
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.
CVSS Score
8.8
EPSS Score
0.117
Published
2018-11-27
CVE-2018-19326
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.
CVSS Score
7.5
EPSS Score
0.495
Published
2018-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved