Details of VAR-201904-0115

ID

VAR-201904-0115

CVE

CVE-2019-9955

TITLE

plural ZyXEL Product cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004359

DESCRIPTION

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. plural ZyXEL The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZyXELZyWall310 and other products are all products of ZyXEL Corporation of Taiwan, China. ZyXELZyWall310 is a 310 series VPN firewall device. ZyXELZyWall110 is a 110 series VPN firewall device. The ZyXELUSG1900 is a next-generation unified security gateway device. A cross-site scripting vulnerability exists in several Zyxel products that stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. ZyXEL ZyWall 310, etc. The following products are affected: Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, Zy0WALL

Trust: 2.34

sources: NVD: CVE-2019-9955 // JVNDB: JVNDB-2019-004359 // CNVD: CNVD-2019-13778 // VULHUB: VHN-161390 // VULMON: CVE-2019-9955

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-13778

AFFECTED PRODUCTS

vendor:	zyxel	model:	usg110	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	usg60w	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	usg60	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	usg40w	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	usg40	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	usg20w-vpn	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	usg20-vpn	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	atp800	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	atp500	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	atp200	scope:	-	version:	-	Trust: 1.4
vendor:	zyxel	model:	usg20w-vpn	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	zywall 310	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg110	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg1100	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	zywall 1100	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg2200-vpn	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg40w	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg40	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	eq	version:	-	Trust: 1.0
vendor:	zyxel	model:	zywall 110	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg1900	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg20-vpn	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg60	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	eq	version:	-	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	eq	version:	-	Trust: 1.0
vendor:	zyxel	model:	atp800	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg60w	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg310	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	usg210	scope:	eq	version:	4.31	Trust: 1.0
vendor:	zyxel	model:	nbg-418n modem	scope:	eq	version:	v2	Trust: 0.6
vendor:	zyxel	model:	nas	scope:	eq	version:	326	Trust: 0.6
vendor:	zyxel	model:	usg1100	scope:	-	version:	-	Trust: 0.6
vendor:	zyxel	model:	usg310	scope:	-	version:	-	Trust: 0.6
vendor:	zyxel	model:	usg210	scope:	-	version:	-	Trust: 0.6
vendor:	zyxel	model:	zywall	scope:	eq	version:	1100	Trust: 0.6
vendor:	zyxel	model:	zywall	scope:	eq	version:	310	Trust: 0.6
vendor:	zyxel	model:	zywall	scope:	eq	version:	110	Trust: 0.6
vendor:	zyxel	model:	usg2200-vpn	scope:	-	version:	-	Trust: 0.6
vendor:	zyxel	model:	usg1900	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-13778 // JVNDB: JVNDB-2019-004359 // NVD: CVE-2019-9955

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9955
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-9955
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-13778
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201904-785
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-161390
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-9955
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-9955
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-13778
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-161390
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9955
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-13778 // VULHUB: VHN-161390 // VULMON: CVE-2019-9955 // JVNDB: JVNDB-2019-004359 // CNNVD: CNNVD-201904-785 // NVD: CVE-2019-9955

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-161390 // JVNDB: JVNDB-2019-004359 // NVD: CVE-2019-9955

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201904-785

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004359

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2019-9955

PATCH

title:	Zyxel security advisory for reflected cross-site scripting vulnerability of firewalls	url:	https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml	Trust: 0.8
title:	CVEs	url:	https://github.com/irbishop/CVEs	Trust: 0.1
title:	CVEs	url:	https://github.com/irbishop/CVE	Trust: 0.1
title:	nuclei-templates	url:	https://github.com/storenth/nuclei-templates	Trust: 0.1
title:	kenzer-templates	url:	https://github.com/Elsfa7-110/kenzer-templates	Trust: 0.1
title:	kenzer-templates	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: VULMON: CVE-2019-9955 // JVNDB: JVNDB-2019-004359

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9955	Trust: 3.2
db:	PACKETSTORM	id:	152525	Trust: 1.8
db:	EXPLOIT-DB	id:	46706	Trust: 1.8
db:	JVNDB	id:	JVNDB-2019-004359	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-785	Trust: 0.7
db:	CNVD	id:	CNVD-2019-13778	Trust: 0.6
db:	VULHUB	id:	VHN-161390	Trust: 0.1
db:	VULMON	id:	CVE-2019-9955	Trust: 0.1

sources: CNVD: CNVD-2019-13778 // VULHUB: VHN-161390 // VULMON: CVE-2019-9955 // JVNDB: JVNDB-2019-004359 // CNNVD: CNNVD-201904-785 // NVD: CVE-2019-9955

REFERENCES

url:	https://www.securitymetrics.com/blog/zyxel-devices-vulnerable-cross-site-scripting-login-page	Trust: 2.6
url:	http://seclists.org/fulldisclosure/2019/apr/22	Trust: 2.4
url:	http://packetstormsecurity.com/files/152525/zyxel-zywall-cross-site-scripting.html	Trust: 2.4
url:	https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml	Trust: 1.8
url:	https://www.exploit-db.com/exploits/46706/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9955	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9955	Trust: 0.8
url:	https://www.exploit-db.com/exploits/46706	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/irbishop/cves	Trust: 0.1

sources: CNVD: CNVD-2019-13778 // VULHUB: VHN-161390 // VULMON: CVE-2019-9955 // JVNDB: JVNDB-2019-004359 // CNNVD: CNNVD-201904-785 // NVD: CVE-2019-9955

CREDITS

Aaron Bishop

Trust: 0.6

sources: CNNVD: CNNVD-201904-785

SOURCES

db:	CNVD	id:	CNVD-2019-13778
db:	VULHUB	id:	VHN-161390
db:	VULMON	id:	CVE-2019-9955
db:	JVNDB	id:	JVNDB-2019-004359
db:	CNNVD	id:	CNNVD-201904-785
db:	NVD	id:	CVE-2019-9955

LAST UPDATE DATE

2024-11-23T23:04:48.660000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-13778	date:	2019-05-13T00:00:00
db:	VULHUB	id:	VHN-161390	date:	2019-04-30T00:00:00
db:	VULMON	id:	CVE-2019-9955	date:	2019-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-004359	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-785	date:	2019-04-23T00:00:00
db:	NVD	id:	CVE-2019-9955	date:	2024-11-21T04:52:39.943

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-13778	date:	2019-05-13T00:00:00
db:	VULHUB	id:	VHN-161390	date:	2019-04-22T00:00:00
db:	VULMON	id:	CVE-2019-9955	date:	2019-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-004359	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-785	date:	2019-04-16T00:00:00
db:	NVD	id:	CVE-2019-9955	date:	2019-04-22T20:29:00.447