ID

VAR-201904-1091


CVE

CVE-2019-10632


TITLE

Zyxel NAS 326 Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-003301 // CNNVD: CNNVD-201904-491

DESCRIPTION

A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files. Zyxel NAS 326 contains a path traversal vulnerability. Information may be tampered with. Zyxel NAS326 is a dual-disc personal cloud storage device from Zyxel. ZyXEL NAS 326 is a NAS (Network Attached Storage) device produced by ZyXEL Corporation of Taiwan, China. The vulnerability originates from the failure of network systems or products to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories.

Trust: 2.25

sources: NVD: CVE-2019-10632 // JVNDB: JVNDB-2019-003301 // CNVD: CNVD-2019-13781 // VULHUB: VHN-142198

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13781

AFFECTED PRODUCTS

vendor: zyxel, model: nas326, scope: lte, version: 5.21

Trust: 1.0

vendor: zyxel, model: nas 326, scope: lte, version: 5.21

Trust: 0.8

vendor: zyxel, model: nas, scope: eq, version: 326<=5.21

Trust: 0.6

sources: CNVD: CNVD-2019-13781 // JVNDB: JVNDB-2019-003301 // NVD: CVE-2019-10632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10632
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10632
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-13781
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201904-491
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142198
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10632
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-13781
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-142198
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10632
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-13781 // VULHUB: VHN-142198 // JVNDB: JVNDB-2019-003301 // CNNVD: CNNVD-201904-491 // NVD: CVE-2019-10632

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-142198 // JVNDB: JVNDB-2019-003301 // NVD: CVE-2019-10632

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-491

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201904-491

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003301

PATCH

title: NAS326, url: https://www.zyxel.com/products_services/2-Bay-Personal-Cloud-Storage-NAS326/

Trust: 0.8

sources: JVNDB: JVNDB-2019-003301

EXTERNAL IDS

db: NVD, id: CVE-2019-10632

Trust: 3.1

db: JVNDB, id: JVNDB-2019-003301

Trust: 0.8

db: CNNVD, id: CNNVD-201904-491

Trust: 0.7

db: CNVD, id: CNVD-2019-13781

Trust: 0.6

db: VULHUB, id: VHN-142198

Trust: 0.1

sources: CNVD: CNVD-2019-13781 // VULHUB: VHN-142198 // JVNDB: JVNDB-2019-003301 // CNNVD: CNNVD-201904-491 // NVD: CVE-2019-10632

REFERENCES

url: http://maxwelldulin.com/blogpost?post=3236967424

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-10632

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10632

Trust: 0.8

sources: CNVD: CNVD-2019-13781 // VULHUB: VHN-142198 // JVNDB: JVNDB-2019-003301 // CNNVD: CNNVD-201904-491 // NVD: CVE-2019-10632

SOURCES

db: CNVD, id: CNVD-2019-13781
db: VULHUB, id: VHN-142198
db: JVNDB, id: JVNDB-2019-003301
db: CNNVD, id: CNNVD-201904-491
db: NVD, id: CVE-2019-10632

LAST UPDATE DATE

2024-11-23T22:12:06.102000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-13781, date: 2019-06-19T00:00:00
db: VULHUB, id: VHN-142198, date: 2019-04-10T00:00:00
db: JVNDB, id: JVNDB-2019-003301, date: 2019-05-14T00:00:00
db: CNNVD, id: CNNVD-201904-491, date: 2019-04-17T00:00:00
db: NVD, id: CVE-2019-10632, date: 2024-11-21T04:19:37.907

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-13781, date: 2019-05-13T00:00:00
db: VULHUB, id: VHN-142198, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003301, date: 2019-05-14T00:00:00
db: CNNVD, id: CNNVD-201904-491, date: 2019-04-09T00:00:00
db: NVD, id: CVE-2019-10632, date: 2019-04-09T05:29:00.323