Directory Traversal Weakness in Zyxel NAS 326 File Browser
CVE-2019-10632

6.5MEDIUM

Key Information:

Vendor: Zyxel
Status: Nas326 Firmware
Vendor: CVE Published:; 9 April 2019

Summary

A directory traversal vulnerability exists in the file browser component of the Zyxel NAS 326, allowing lower privileged users to manipulate the location of files belonging to other users. This flaw could lead to unauthorized access to sensitive data, highlighting the necessity for users to ensure they are running the latest software versions to mitigate this kind of risk.

References

http://maxwelldulin.com/BlogPost?post=3236967424

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2019
Vulnerability Reserved
Mar 29, 2019