9.1
CVE-2019-12583
- EPSS 59.06%
- Published 27.06.2019 14:15:10
- Last modified 21.11.2024 04:23:08
- Source cve@mitre.org
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
Data is provided by the National Vulnerability Database (NVD)
Zyxel ≫ Uag2100 Firmware Version <= 4.18(aaiz.1)c0
Zyxel ≫ Uag4100 Firmware Version <= 4.18(aatd.1)c0
Zyxel ≫ Uag5100 Firmware Version <= 4.18(aapn.1)c0
Zyxel ≫ Usg110 Firmware Version <= 4.33(aaph.0)c0
Zyxel ≫ Usg210 Firmware Version <= 4.33(aapi.0)c0
Zyxel ≫ Usg310 Firmware Version <= 4.33(aapj.0)c0
Zyxel ≫ Usg1100 Firmware Version <= 4.33(aapk.0)c0
Zyxel ≫ Usg1900 Firmware Version <= 4.33(aapl.0)c0
Zyxel ≫ Usg2200-vpn Firmware Version <= 4.33(abae.0)c0
Zyxel ≫ Zywall Vpn100 Firmware Version <= 10.02(abfv.0)c0
Zyxel ≫ Zywall Vpn300 Firmware Version <= 10.02(abfc.0)c0
Zyxel ≫ Zywall 110 Firmware Version <= 4.33(aaaa.0)c0
Zyxel ≫ Zywall 310 Firmware Version <= 4.33(aaab.0)c0
Zyxel ≫ Zywall 1100 Firmware Version <= 4.33(aaac.0)c0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 59.06% | 0.981 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.1 | 3.9 | 5.2 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
nvd@nist.gov | 6.4 | 10 | 4.9 | AV:N/AC:L/Au:N/C:N/I:P/A:P |
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.