CVE-2017-17550

ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
References
Link Resource
https://www.shellcode.it/article/cve-2017-17550/ Exploit Third Party Advisory
https://www.shellcode.it/article/cve-2017-17550/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:zywall_usg_100_firmware:2.12\(aqq.2\):*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_usg_100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:zywall_usg_100_firmware:3.30\(aqq.7\):*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_usg_100:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:18

Type Values Removed Values Added
References () https://www.shellcode.it/article/cve-2017-17550/ - Exploit, Third Party Advisory () https://www.shellcode.it/article/cve-2017-17550/ - Exploit, Third Party Advisory

Information

Published : 2018-11-10 22:29

Updated : 2024-11-21 03:18


NVD link : CVE-2017-17550

Mitre link : CVE-2017-17550

CVE.ORG link : CVE-2017-17550


JSON object : View

Products Affected

zyxel

  • zywall_usg_100
  • zywall_usg_100_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)