Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ZyXEL pre-authentication command injection in weblogin.cgi

🗓️ 24 Feb 2020 00:00:00Reported by CERTType 
cert
 cert🔗 www.kb.cert.org👁 283 Views

ZyXEL pre-auth command injection in weblogin.cgi allows remote code execution with root privileges. Apply firmware updates for affected devices to mitigate the vulnerability. Consider firewall filtering and access restrictions as workarounds

Related
Refs
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2014-8361
31 Mar 202611:18
githubexploit
ATTACKERKB		VU#498544 ZyXEL pre-authentication command injection in weblogin.cgi
26 Feb 202000:00
attackerkb
ATTACKERKB		CVE-2020-9054
20 Feb 202000:00
attackerkb
BDU FSTEC		The vulnerability of the weblogin.cgi component in NAS (Network Attached Storage) storage systems and micro-programming software for Ethernet interfaces of UTM, ATP, and VPN devices allows a hacker to execute arbitrary code.
20 Mar 202000:00
bdu_fstec
Circl		CVE-2020-9054
26 Feb 202010:20
circl
CISA KEV Catalog		Zyxel Multiple NAS Devices OS Command Injection Vulnerability
25 Mar 202200:00
cisa_kev
Check Point Advisories		ZyXEL NAS Command Injection (CVE-2020-9054)
26 Feb 202000:00
checkpoint_advisories
CVE		CVE-2020-9054
4 Mar 202019:30
cve
Cvelist		CVE-2020-9054 ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi
4 Mar 202019:30
cvelist
Krebs on Security		Zyxel Fixes 0day in Network Storage Devices
24 Feb 202017:13
krebs
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Feb 2020 16:16Current
10High risk
Vulners AI Score10
CVSS 3.19.8
CVSS 210
EPSS0.99988
SSVC
zyxelcommand injectionvulnerabilityremote code executionroot privilegesfirmware updatefirewall filteringaccess restriction
283