Cross-Site Request Forgery in Zyxel Armor Home Routers
CVE-2021-4030

8HIGH

Key Information:

Vendor: Zyxel
Status: Armor Z2 (nbg6817) Firmware; Armor Z1 (nbg6816) Firmware
Vendor: CVE Published:; 24 February 2022

Summary

A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1 and Z2 firmware could allow an attacker to execute arbitrary commands. This can occur if a local user is tricked into visiting a compromised website that contains malicious scripts. Proper safeguards and updates are necessary to prevent potential exploitation.

Affected Version(s)

ARMOR Z1 (NBG6816) firmware 1.00(AAWB.10)C0

ARMOR Z2 (NBG6817) firmware 1.00(ABCS.10)C0

References

https://www.zyxel.com/support/forgery-vulnerabilities-of-...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Nov 29, 2021