ID

VAR-201904-1093


CVE

CVE-2019-10634


TITLE

Zyxel NAS 326 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-13783 // CNNVD: CNNVD-201904-494

DESCRIPTION

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields. Zyxel NAS 326 contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Zyxel NAS 326 is a dual-disc personal cloud storage device from Zyxel. A cross-site scripting vulnerability exists in Zyxel NAS 326 5.21 and earlier. ZyXEL NAS 326 is a NAS (Network Attached Storage) device produced by ZyXEL Corporation of Taiwan, China. There is a cross-site scripting vulnerability in ZyXEL NAS 326 5.21 and earlier versions, which is caused by the lack of correct verification of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 2.25

sources: NVD: CVE-2019-10634 // JVNDB: JVNDB-2019-003249 // CNVD: CNVD-2019-13783 // VULHUB: VHN-142200

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13783

AFFECTED PRODUCTS

vendor: zyxel, model: nas326, scope: lte, version: 5.21

Trust: 1.0

vendor: zyxel, model: nas 326, scope: lte, version: 5.21

Trust: 0.8

vendor: zyxel, model: nas, scope: eq, version: 326<=5.21

Trust: 0.6

sources: CNVD: CNVD-2019-13783 // JVNDB: JVNDB-2019-003249 // NVD: CVE-2019-10634

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10634
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10634
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-13783
value: LOW

Trust: 0.6

CNNVD: CNNVD-201904-494
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142200
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-10634
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-13783
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-142200
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10634
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-13783 // VULHUB: VHN-142200 // JVNDB: JVNDB-2019-003249 // CNNVD: CNNVD-201904-494 // NVD: CVE-2019-10634

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-142200 // JVNDB: JVNDB-2019-003249 // NVD: CVE-2019-10634

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-494

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201904-494

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003249

PATCH

title: NAS326, url: https://www.zyxel.com/products_services/2-Bay-Personal-Cloud-Storage-NAS326/

Trust: 0.8

sources: JVNDB: JVNDB-2019-003249

EXTERNAL IDS

db: NVD, id: CVE-2019-10634

Trust: 3.1

db: JVNDB, id: JVNDB-2019-003249

Trust: 0.8

db: CNNVD, id: CNNVD-201904-494

Trust: 0.7

db: CNVD, id: CNVD-2019-13783

Trust: 0.6

db: VULHUB, id: VHN-142200

Trust: 0.1

sources: CNVD: CNVD-2019-13783 // VULHUB: VHN-142200 // JVNDB: JVNDB-2019-003249 // CNNVD: CNNVD-201904-494 // NVD: CVE-2019-10634

REFERENCES

url: http://maxwelldulin.com/blogpost?post=3236967424

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-10634

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10634

Trust: 0.8

sources: CNVD: CNVD-2019-13783 // VULHUB: VHN-142200 // JVNDB: JVNDB-2019-003249 // CNNVD: CNNVD-201904-494 // NVD: CVE-2019-10634

SOURCES

db: CNVD, id: CNVD-2019-13783
db: VULHUB, id: VHN-142200
db: JVNDB, id: JVNDB-2019-003249
db: CNNVD, id: CNNVD-201904-494
db: NVD, id: CVE-2019-10634

LAST UPDATE DATE

2024-11-23T22:17:04.772000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-13783, date: 2019-06-19T00:00:00
db: VULHUB, id: VHN-142200, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003249, date: 2019-05-13T00:00:00
db: CNNVD, id: CNNVD-201904-494, date: 2019-04-19T00:00:00
db: NVD, id: CVE-2019-10634, date: 2024-11-21T04:19:38.163

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-13783, date: 2019-05-13T00:00:00
db: VULHUB, id: VHN-142200, date: 2019-04-09T00:00:00
db: JVNDB, id: JVNDB-2019-003249, date: 2019-05-13T00:00:00
db: CNNVD, id: CNNVD-201904-494, date: 2019-04-09T00:00:00
db: NVD, id: CVE-2019-10634, date: 2019-04-09T05:29:00.400