Lucene search

VU#498544 ZyXEL pre-authentication command injection in weblogin.cgi

🗓️ 26 Feb 2020 00:00:00Reported by AttackerKBType

ZyXEL pre-authentication command injection in weblogin.cgi on multiple devices may allow remote code execution with root privilege

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 23
prion	Command injection	4 Mar 202020:15	–	prion
nessus	Zyxel NAS < 5.21 / USG < 4.35 / ATP < 4.35 / VPN < 4.35 / ZyWALL < 4.35 RCE (CVE-2020-9054)	7 Jun 202300:00	–	nessus
nessus	Zyxel USG < 4.35 / ATP < 4.35 / VPN < 4.35 / ZyWALL < 4.35 (RCE) (CVE-2020-9054)	26 May 202300:00	–	nessus
nuclei	Zyxel NAS Firmware 5.21- Remote Code Execution	1 May 202110:45	–	nuclei
checkpoint_advisories	ZyXEL NAS Command Injection (CVE-2020-9054)	26 Feb 202000:00	–	checkpoint_advisories
threatpost	Flaws Riddle Zyxel’s Network Management Software	11 Mar 202021:20	–	threatpost
threatpost	Flaws Riddle Zyxel’s Network Management Software	11 Mar 202021:20	–	threatpost
threatpost	New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices	20 Mar 202013:27	–	threatpost
threatpost	New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices	20 Mar 202013:27	–	threatpost
threatpost	Windows PoC Exploit Released for Wormable RCE	19 May 202114:35	–	threatpost

Source	Link
zyxel	www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml
krebsonsecurity	www.krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices
beta	www.beta.shodan.io/search
cwe	www.cwe.mitre.org/data/definitions/78.html
kb	www.kb.cert.org/vuls/id/498544

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Feb 2020 00:00Current

10.4High risk

Vulners AI Score10.4

EPSS0.94074