CVE-2019-9955
Summary
| CVE | CVE-2019-9955 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-22 20:29:00 UTC |
| Updated | 2019-04-30 14:34:00 UTC |
| Description | On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Zyxel | Atp200 | - | All | All | All |
| Operating System | Zyxel | Atp200 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Atp500 | - | All | All | All |
| Operating System | Zyxel | Atp500 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Atp800 | - | All | All | All |
| Operating System | Zyxel | Atp800 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Usg110 | - | All | All | All |
| Hardware | Zyxel | Usg1100 | - | All | All | All |
| Operating System | Zyxel | Usg1100 Firmware | 4.31 | All | All | All |
| Operating System | Zyxel | Usg110 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Usg1900 | - | All | All | All |
| Operating System | Zyxel | Usg1900 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Usg20-vpn | - | All | All | All |
| Operating System | Zyxel | Usg20-vpn Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Usg20w-vpn | - | All | All | All |
| Operating System | Zyxel | Usg20w-vpn Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Usg210 | - | All | All | All |
| Operating System | Zyxel | Usg210 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Usg2200-vpn | - | All | All | All |
| Operating System | Zyxel | Usg2200-vpn Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Usg310 | - | All | All | All |
| Operating System | Zyxel | Usg310 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Usg40 | - | All | All | All |
| Hardware | Zyxel | Usg40w | - | All | All | All |
| Operating System | Zyxel | Usg40w Firmware | 4.31 | All | All | All |
| Operating System | Zyxel | Usg40 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Usg60 | - | All | All | All |
| Hardware | Zyxel | Usg60w | - | All | All | All |
| Operating System | Zyxel | Usg60w Firmware | 4.31 | All | All | All |
| Operating System | Zyxel | Usg60 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Vpn100 | - | All | All | All |
| Operating System | Zyxel | Vpn100 Firmware | - | All | All | All |
| Hardware | Zyxel | Vpn300 | - | All | All | All |
| Operating System | Zyxel | Vpn300 Firmware | - | All | All | All |
| Hardware | Zyxel | Vpn50 | - | All | All | All |
| Operating System | Zyxel | Vpn50 Firmware | - | All | All | All |
| Hardware | Zyxel | Zywall 110 | - | All | All | All |
| Hardware | Zyxel | Zywall 1100 | - | All | All | All |
| Operating System | Zyxel | Zywall 1100 Firmware | 4.31 | All | All | All |
| Operating System | Zyxel | Zywall 110 Firmware | 4.31 | All | All | All |
| Hardware | Zyxel | Zywall 310 | - | All | All | All |
| Operating System | Zyxel | Zywall 310 Firmware | 4.31 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Zyxel Devices Vulnerable to Cross-Site Scripting on Login page | MISC | www.securitymetrics.com | Patch, Third Party Advisory |
| Zyxel ZyWall Cross Site Scripting ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| Zyxel security advisory for reflected cross-site scripting vulnerability of firewalls \| Zyxel | CONFIRM | www.zyxel.com | Vendor Advisory |
| Full Disclosure: CVE-2019-9955 Refelected XSS on Zyxel Login page | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting - Hardware webapps Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.