Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Uag4100_firmware
(Zyxel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-27 | CVE-2019-12583 | Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. | Uag2100_firmware, Uag4100_firmware, Uag5100_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg210_firmware, Usg2200\-Vpn_firmware, Usg310_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware, Zywall_vpn100_firmware, Zywall_vpn300_firmware | 9.1 | ||
| 2019-06-27 | CVE-2019-12581 | A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter. | Uag2100_firmware, Uag4100_firmware, Uag5100_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg210_firmware, Usg2200\-Vpn_firmware, Usg310_firmware | 6.1 |