Information Disclosure and Data Modification in Zyxel NBG-418N v2 Products
CVE-2019-17354

9.4CRITICAL

Key Information:

Vendor: Zyxel
Status: Nbg-418n V2 Firmware
Vendor: CVE Published:; 9 October 2019

What is CVE-2019-17354?

The Zyxel NBG-418N v2 router contains a vulnerability in the wan.htm page that allows unauthorized access without authentication. This can lead to the disclosure of sensitive WAN information and may allow attackers to manipulate data fields on the page, compromising the integrity and confidentiality of the device’s configuration.

References

https://www.zyxel.com/us/en/

x_refsource_MISC

https://github.com/d0x0/Zyxel-NBG-418N-v2/blob/master/CVE...

x_refsource_MISC

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2019
Vulnerability Reserved
Oct 8, 2019