CVE-2019-10634

5.4MEDIUM

Key Information:

Vendor: Zyxel
Status: Nas326 Firmware
Vendor: CVE Published:; 9 April 2019

Summary

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.

References

http://maxwelldulin.com/BlogPost?post=3236967424

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 9, 2019
Vulnerability Reserved
Mar 29, 2019