CSRF Vulnerability in Zyxel NBG-418N Devices
CVE-2019-6710

8.8HIGH

Key Information:

Vendor
Zyxel
Status
Nbg-418n Firmware
Vendor
CVE Published:
7 March 2019

Summary

Zyxel NBG-418N v2 devices with firmware version v1.00(AAXM.4)C0 are susceptible to a CSRF attack through the login.cgi interface. This vulnerability allows an attacker to exploit the unauthenticated access and perform actions on behalf of the authenticated user without their consent. Proper safeguards and updates are crucial to mitigate the risk of unauthorized access and maintain network security.

References

https://twitter.com/god3err/status/1088067902832631809
x_refsource_MISC
https://alicangonullu.biz/konu/3
x_refsource_MISC
https://www.exploit-db.com/exploits/46240/
exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.