Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-12583
HistoryJun 27, 2019 - 2:15 p.m.

CVE-2019-12583

2019-06-2714:15:10
CWE-425
[email protected]
web.nvd.nist.gov
5

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.005

Percentile

76.0%

JSON

Missing Access Control in the “Free Time” component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.

Affected configurations

Nvd
Node
zyxeluag2100_firmwareRange4.18\(aaiz.1\)c0
AND
zyxeluag2100Match-
Node
zyxeluag4100_firmwareRange4.18\(aatd.1\)c0
AND
zyxeluag4100Match-
Node
zyxeluag5100_firmwareRange4.18\(aapn.1\)c0
AND
zyxeluag5100Match-
Node
zyxelusg110_firmwareRange4.33\(aaph.0\)c0
AND
zyxelusg110Match-
Node
zyxelusg210_firmwareRange4.33\(aapi.0\)c0
AND
zyxelusg210Match-
Node
zyxelusg310_firmwareRange4.33\(aapj.0\)c0
AND
zyxelusg310Match-
Node
zyxelusg1100_firmwareRange4.33\(aapk.0\)c0
AND
zyxelusg1100Match-
Node
zyxelusg1900_firmwareRange4.33\(aapl.0\)c0
AND
zyxelusg1900Match-
Node
zyxelusg2200-vpn_firmwareRange4.33\(abae.0\)c0
AND
zyxelusg2200-vpnMatch-
Node
zyxelzywall_vpn100_firmwareRange10.02\(abfv.0\)c0
AND
zyxelzywall_vpn100Match-
Node
zyxelzywall_vpn300_firmwareRange10.02\(abfc.0\)c0
AND
zyxelzywall_vpn300Match-
Node
zyxelzywall_110_firmwareRange4.33\(aaaa.0\)c0
AND
zyxelzywall_110Match-
Node
zyxelzywall_310_firmwareRange4.33\(aaab.0\)c0
AND
zyxelzywall_310Match-
Node
zyxelzywall_1100_firmwareRange4.33\(aaac.0\)c0
AND
zyxelzywall_1100Match-
VendorProductVersionCPE
zyxeluag2100_firmware*cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*
zyxeluag2100-cpe:2.3:h:zyxel:uag2100:-:*:*:*:*:*:*:*
zyxeluag4100_firmware*cpe:2.3:o:zyxel:uag4100_firmware:*:*:*:*:*:*:*:*
zyxeluag4100-cpe:2.3:h:zyxel:uag4100:-:*:*:*:*:*:*:*
zyxeluag5100_firmware*cpe:2.3:o:zyxel:uag5100_firmware:*:*:*:*:*:*:*:*
zyxeluag5100-cpe:2.3:h:zyxel:uag5100:-:*:*:*:*:*:*:*
zyxelusg110_firmware*cpe:2.3:o:zyxel:usg110_firmware:*:*:*:*:*:*:*:*
zyxelusg110-cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*
zyxelusg210_firmware*cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*
zyxelusg210-cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 281

Related

cvelist 1
prion 1
nuclei 1
cve 2
nvd 1
cvelist
cvelist
CVE-2019-12583
2019-06-27 14:01:02
prion
prion
Improper access control
2019-06-27 14:15:00
nuclei
nuclei
Zyxel ZyWall UAG/USG - Account Creation Access
2022-05-29 12:55:34
cve
cve
CVE-2019-12583
2019-06-27 14:15:10
CVE-2019-12582
2019-06-03 13:15:09
nvd
nvd
CVE-2019-12582
2019-06-03 13:15:09

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.005

Percentile

76.0%

JSON
Related for NVD:CVE-2019-12583
cvelist1prion1nuclei1cve2nvd1