A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
2019-06-27T15:15:09.170
2024-11-21T04:23:08.050
Modified
CVSSv3.0: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | zyxel | uag2100_firmware | ≤ 4.18\(aaiz.1\)c0 | Yes |
| Hardware | zyxel | uag2100 | - | No |
| Operating System | zyxel | uag4100_firmware | ≤ 4.18\(aatd.1\)c0 | Yes |
| Hardware | zyxel | uag4100 | - | No |
| Operating System | zyxel | uag5100_firmware | ≤ 4.18\(aapn.1\)c0 | Yes |
| Hardware | zyxel | uag5100 | - | No |
| Operating System | zyxel | usg110_firmware | ≤ 4.30 | Yes |
| Hardware | zyxel | usg110 | - | No |
| Operating System | zyxel | usg210_firmware | ≤ 4.30 | Yes |
| Hardware | zyxel | usg210 | - | No |
| Operating System | zyxel | usg310_firmware | ≤ 4.30 | Yes |
| Hardware | zyxel | usg310 | - | No |
| Operating System | zyxel | usg1100_firmware | ≤ 4.30 | Yes |
| Hardware | zyxel | usg1100 | - | No |
| Operating System | zyxel | usg1900_firmware | ≤ 4.30 | Yes |
| Hardware | zyxel | usg1900 | - | No |
| Operating System | zyxel | usg2200-vpn_firmware | ≤ 4.30 | Yes |
| Hardware | zyxel | usg2200-vpn | - | No |