NA

CVE-2019-7391

Vulnerability Summary

Zyxel VMG3312-B10B login-page.cgi cross-site request forgery

Zyxel VMG3312-B10B is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the login-page.cgi script. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

Vulnerability Trend

Exploits

# Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit # Version: Zyxel VMG3312-B10B # Tested on : Parrot Os # Author: Yusuf Furkan # Twitter: h1_yusuf # CVE: CVE-2019-7391 # model name: DSL-491HNU-B1B v2 <html> <!-- CSRF PoC - generated by Yusuf --> <body> <script>historypushState('', '', '/')</ ...

Mailing Lists

Zyxel VMG3312-B10B DSL-491HNU-B1 V2 suffers from a cross site request forgery vulnerability ...

References