Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
435
VMScore

CVE-2019-9955

Published: 22/04/2019 Updated: 30/04/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zyxel atp200_firmware 4.31

zyxel atp500_firmware 4.31

zyxel atp800_firmware 4.31

zyxel usg20-vpn_firmware 4.31

zyxel usg20w-vpn_firmware 4.31

zyxel usg40_firmware 4.31

zyxel usg40w_firmware 4.31

zyxel usg60_firmware 4.31

zyxel usg60w_firmware 4.31

zyxel usg110_firmware 4.31

zyxel usg210_firmware 4.31

zyxel usg310_firmware 4.31

zyxel usg1100_firmware 4.31

zyxel usg1900_firmware 4.31

zyxel usg2200-vpn_firmware 4.31

zyxel zywall_110_firmware 4.31

zyxel zywall_310_firmware 4.31

zyxel zywall_1100_firmware 4.31

zyxel vpn50_firmware -

zyxel vpn100_firmware -

zyxel vpn300_firmware -

Exploits

Exploit DB: Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
# Exploit Title: Reflected XSS on Zyxel login pages # Date: 10 Apr 2019 # Exploit Author: Aaron Bishop # Vendor Homepage: wwwzyxelcom/us/en/ # Version: V431 # Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG40 - weblogincgi, webauth_relogincgi # CVE : 2019-9955 1 Description ============== Several Zyxel devices are vulnerable ...

Mailing Lists

Full Disclosure: CVE-2019-9955 Refelected XSS on Zyxel Login page
Numerous Zyxel devices are vulnerable to a reflected XSS issue on the login page The mp_idx parameter is included in the page unsanitized A request such a $RHOST/?mobile=1&mp_idx=%22;alert(1);// Will trigger an alert, demonstrating the issue A call to getScript() can be used to include a full external JavaScript file to capture ...

References

CWE-79https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtmlhttps://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-pagehttps://www.exploit-db.com/exploits/46706/http://seclists.org/fulldisclosure/2019/Apr/22http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.htmlhttps://nvd.nist.govhttp://seclists.org/fulldisclosure/2019/Apr/22https://www.exploit-db.com/exploits/46706
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380CVE-2024-1694local file inclusionCVE-2024-5645CVE-2024-24919XSSCVE-2024-36774CVE-2024-21306SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook