ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
References
Link | Resource |
---|---|
https://www.shellcode.it/article/cve-2017-17550/ | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-11-10 22:29
Updated : 2024-02-28 16:48
NVD link : CVE-2017-17550
Mitre link : CVE-2017-17550
CVE.ORG link : CVE-2017-17550
JSON object : View
Products Affected
zyxel
- zywall_usg_100
- zywall_usg_100_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)