Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12581 | 1 Zyxel | 18 Uag2100, Uag2100 Firmware, Uag4100 and 15 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter. | |||||
| CVE-2019-12583 | 1 Zyxel | 28 Uag2100, Uag2100 Firmware, Uag4100 and 25 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. | |||||