CVE-2019-9955

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.

CVSS v3.0 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml	Vendor Advisory
https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page	Patch Third Party Advisory
https://www.exploit-db.com/exploits/46706/	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/Apr/22	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:atp200_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:atp500_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:atp800_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zyxel:usg20-vpn_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zyxel:usg40_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zyxel:usg40w_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zyxel:usg60_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zyxel:usg60w_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zyxel:usg110_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zyxel:usg210_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zyxel:usg310_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:zyxel:usg1100_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:zyxel:usg1900_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:zyxel:usg2200-vpn_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:usg2200-vpn:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:zyxel:zywall_110_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:zyxel:zywall_310_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:zyxel:zywall_1100_firmware:4.31:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:zyxel:vpn50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:zyxel:vpn100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:zyxel:vpn300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*

Information

Published : 2019-04-22 13:29

Updated : 2019-04-30 07:34

NVD link : CVE-2019-9955

Mitre link : CVE-2019-9955

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

zyxel

usg60w
usg20w-vpn
usg60
usg40w_firmware
atp500_firmware
usg210
zywall_310
usg2200-vpn_firmware
atp200_firmware
vpn100_firmware
atp200
usg110_firmware
vpn50_firmware
atp800
usg310_firmware
usg20-vpn_firmware
atp800_firmware
zywall_1100_firmware
usg60w_firmware
zywall_110
usg40_firmware
usg1100_firmware
zywall_1100
usg20w-vpn_firmware
vpn50
vpn300
vpn100
usg1100
zywall_310_firmware
usg1900_firmware
vpn300_firmware
usg310
usg40
usg210_firmware
usg110
usg1900
usg2200-vpn
usg60_firmware
zywall_110_firmware
usg20-vpn
atp500
usg40w

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2019-9955

6.1^/10

4.3^/10

Attach tags to `CVE-2019-9955`