CVE-2019-9955

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.

Configurations

Configuration 1

AND
cpe:2.3:o:zyxel:atp200_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:zyxel:atp500_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:zyxel:atp800_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:zyxel:usg20-vpn_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:zyxel:usg40_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:zyxel:usg40w_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:zyxel:usg60_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:zyxel:usg60w_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:zyxel:usg110_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:zyxel:usg210_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:zyxel:usg310_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:zyxel:usg1100_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:zyxel:usg1900_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:zyxel:usg2200-vpn_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:usg2200-vpn:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:zyxel:zywall_110_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:zyxel:zywall_310_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:zyxel:zywall_1100_firmware:4.31:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:zyxel:vpn50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:zyxel:vpn100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:zyxel:vpn300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:52

Type | Values Removed | Values Added
References | http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
References | http://seclists.org/fulldisclosure/2019/Apr/22 - Mailing List, Third Party Advisory | http://seclists.org/fulldisclosure/2019/Apr/22 - Mailing List, Third Party Advisory
References | https://www.exploit-db.com/exploits/46706/ - Exploit, Third Party Advisory, VDB Entry | https://www.exploit-db.com/exploits/46706/ - Exploit, Third Party Advisory, VDB Entry
References | https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page - Patch, Third Party Advisory | https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page - Patch, Third Party Advisory
References | https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml - Vendor Advisory | https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml - Vendor Advisory

Information

Published : 2019-04-22 20:29

Updated : 2024-11-21 04:52

NVD link : CVE-2019-9955

Mitre link : CVE-2019-9955

CVE.ORG link : CVE-2019-9955


Products Affected

zyxel

  • vpn300_firmware
  • usg2200-vpn_firmware
  • vpn100
  • zywall_1100_firmware
  • atp800
  • usg40w
  • usg20-vpn_firmware
  • usg20w-vpn
  • usg60w_firmware
  • usg60_firmware
  • atp200
  • usg1100_firmware
  • usg1100
  • usg40
  • usg40_firmware
  • zywall_110
  • usg20w-vpn_firmware
  • usg20-vpn
  • atp200_firmware
  • vpn300
  • usg210
  • zywall_1100
  • usg40w_firmware
  • vpn50
  • zywall_310_firmware
  • vpn50_firmware
  • usg310_firmware
  • atp500_firmware
  • usg60w
  • zywall_310
  • atp800_firmware
  • usg60
  • atp500
  • usg1900
  • usg110
  • usg210_firmware
  • usg1900_firmware
  • zywall_110_firmware
  • usg110_firmware
  • vpn100_firmware
  • usg310
  • usg2200-vpn

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')