Vulnerabilities (CVE)

Filtered by vendor Zyxel Subscribe
Filtered by product Uag4100
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12581 1 Zyxel 18 Uag2100, Uag2100 Firmware, Uag4100 and 15 more 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
CVE-2019-12583 1 Zyxel 28 Uag2100, Uag2100 Firmware, Uag4100 and 25 more 2024-02-04 6.4 MEDIUM 9.1 CRITICAL
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.