Cross site scripting

2023-05-0117:15:00

PRIOn knowledge base

www.prio-n.com

cross-site scripting

zyxel nbg-418n v2

firmware vulnerability

remote attacker

malicious scripts

web interface

denial-of-service

nvd

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON

A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device.

CPENameOperatorVersion
nbg-418n_firmwareeq<= 1.0aarp.13c0

CPE	Name	Operator	Version
	nbg-418n_firmware	eq	<= 1.0aarp.13c0

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nbg-418n-v2-home-router