Skip to main content

Uag5100 Firmware

2 CVEs product

Monthly

CVE-2019-12581 MEDIUM POC PATCH This Month

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Uag2100 Firmware Uag4100 Firmware Uag5100 Firmware +6
NVD
CVSS 3.0
6.1
EPSS
6.4%
CVE-2019-12583 CRITICAL POC PATCH THREAT Act Now

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zyxel Uag2100 Firmware Uag4100 Firmware Uag5100 Firmware +11
NVD
CVSS 3.0
9.1
EPSS
43.9%
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Uag2100 Firmware +8
NVD
EPSS 44% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zyxel Uag2100 Firmware +13
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy