ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
References
Link | Resource |
---|---|
https://www.shellcode.it/article/cve-2017-17550/ | Exploit Third Party Advisory |
https://www.shellcode.it/article/cve-2017-17550/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.shellcode.it/article/cve-2017-17550/ - Exploit, Third Party Advisory |
Information
Published : 2018-11-10 22:29
Updated : 2024-11-21 03:18
NVD link : CVE-2017-17550
Mitre link : CVE-2017-17550
CVE.ORG link : CVE-2017-17550
JSON object : View
Products Affected
zyxel
- zywall_usg_100
- zywall_usg_100_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)