XSS Vulnerability in Zyxel NBG-418N v2 Router Firmware
CVE-2023-22921

7.5HIGH

Key Information:

Vendor: Zyxel
Status: Nbg-418n V2 Firmware
Vendor: CVE Published:; 1 May 2023

What is CVE-2023-22921?

A cross-site scripting (XSS) vulnerability exists in the Zyxel NBG-418N v2 router, particularly in firmware versions prior to V1.00(AARP.14)C0. This flaw enables a remote authenticated attacker with administrator privileges to inject malicious scripts through the web management interface. If exploited, it can lead to denial-of-service (DoS) conditions, compromising the device's availability and security. It is crucial for users to update to the latest firmware to mitigate risks associated with this vulnerability.

Affected Version(s)

NBG-418N v2 firmware < V1.00(AARP.14)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2023
Vulnerability Reserved
Jan 10, 2023