CVE-2019-9955 Scanner
Detects a 'Cross-Site Scripting (XSS)' vulnerability in Zyxel firmware affecting v. 4.31.
Short Info
- Level: Medium
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 15 seconds
- Time Interval: 29 days
- Scan only one: URL
- Toolbox: -
Zyxel firmware is a security firewall that is used to protect digital assets against cyberattacks. This firmware is used in a wide range of devices such as ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100. Zyxel firmware is designed to provide multi-layer protection against various types of cyber threats.
CVE-2019-9955 is a vulnerability that has been detected in the security firewall login page of Zyxel firmware. This vulnerability occurs due to the unsanitized 'mp_idx' parameter. Hackers can take advantage of this vulnerability and execute a Reflected XSS attack. This attack can be executed by sending a visitor a malicious link that contains the payload. The attacker can then steal the victim's sensitive information such as login credentials and personal details.
This vulnerability can lead to severe damage to a digital asset. Hackers can use the stolen information for various malicious purposes such as identity theft, financial fraud, and data breaches. Furthermore, they can also use the stolen information to launch more sophisticated cyber-attacks that could potentially shut down entire systems or networks.
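A defender-side check for the pattern described above, as an added example that is not part of the original page or the scanner's own code: it flags access-log requests whose `mp_idx` value falls outside an allowlist, including double-encoded values. The log format, the `/login-placeholder` path and the rule that legitimate `mp_idx` values are short alphanumeric tokens are assumptions, not details from the page.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption (not from the page): legitimate mp_idx values are short tokens.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,32}")
# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_mp_idx(log_line):
    """Return the decoded mp_idx value if it fails the allowlist, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != "mp_idx":
            continue
        # parse_qsl decoded once; decode again to catch double encoding.
        decoded = unquote(value)
        if not SAFE_VALUE.fullmatch(decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_mp_idx(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample log lines; the path and addresses are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Apr/2019:10:01:02 +0000] "GET /login-placeholder?mp_idx=2 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Apr/2019:10:03:40 +0000] "GET /login-placeholder?mp_idx=%22%3Cb%3Ex HTTP/1.1" 200 5170',
    '198.51.100.9 - - [12/Apr/2019:10:03:55 +0000] "GET /login-placeholder?mp_idx=%2522%253Cb%253Ex HTTP/1.1" 200 5170',
    '203.0.113.4 - - [12/Apr/2019:10:05:11 +0000] "GET /login-placeholder?user=a HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: mp_idx outside allowlist: {value!r}")
```
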
s4e.io is a platform that provides pro features to combat cyber threats efficiently. Individuals or organizations concerned about the safety of their digital assets should use this platform, where security experts publish up-to-date news about detected vulnerabilities along with the precautions to be taken. With the help of s4e.io, individuals and organizations can quickly and easily learn about vulnerabilities present in their digital assets and take appropriate steps to protect them.
REFERENCES
- http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2019/Apr/22
- https://www.exploit-db.com/exploits/46706/
- https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page
- https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml