Cross-Site Scripting Vulnerability in Zyxel NBG-418N v2 Firmware
CVE-2022-45441

6.1MEDIUM

Key Information:

Vendor: Zyxel
Status: Nbg-418n V2 Firmware
Vendor: CVE Published:; 7 February 2023

Summary

A cross-site scripting vulnerability exists in Zyxel NBG-418N v2 firmware, allowing attackers to store malicious scripts in the device's Logs page within the graphical user interface. An authenticated user who visits this page may inadvertently execute the stored scripts, potentially leading to a denial-of-service condition. This vulnerability poses risks to the integrity and availability of the device.

Affected Version(s)

NBG-418N v2 firmware < V1.00(AARP.13)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 7, 2023
Vulnerability Reserved
Nov 15, 2022