15 matches found
EUVD-2018-6774
Malware in sbrugna...
CVE-2020-13364
A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0, V5.20ABAG.1C0, and V5.21ABAG.3C0; NSA325 v2V4.81AALS.0C0 and V4.81AAAJ.1C0; NSA310 4.22AFK.0C0 and...
CVE-2020-13364
CVE-2020-13364 describes a backdoor in certain Zyxel devices that allows remote TELNET access through a CGI script. Affected models include NAS520 (multiple firmware branches), NAS542, NSA325, NSA310, NAS326, NSA310S, NSA320S, NSA221, and NAS540 across various firmware versions listed in the entr...
CVE-2020-13364
A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0, V5.20ABAG.1C0, and V5.21ABAG.3C0; NSA325 v2V4.81AALS.0C0 and V4.81AAAJ.1C0; NSA310 4.22AFK.0C0 and...
ZyXEL NSA325 V2 Cross-Site Request Forgery Vulnerability
The ZyXEL NSA325 V2 is a network storage device from Hopkins ZyXEL Technology. A security vulnerability exists in the web application of the ZyXEL NSA325 V2 version 4.81. The vulnerability can be exploited by an attacker to perform a state change operation using a specially crafted HTTP form...
CVE-2018-14893
CVE-2018-14893 concerns ZyXEL NSA325 V2 (firmware version 4.81) with a command injection vulnerability in the zyshclient component. The flaw permits an attacker to execute system commands via the web application API. Multiple sources (NVD, CVE records, CNVD) describe the same issue, identifying z...
CVE-2018-14892
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms...
CVE-2018-14892
The CVE concerns ZyXEL NSA325 V2 (firmware 4.81) web application CSRF vulnerability: missing CSRF protections allows state-changing actions via crafted HTTP forms. The issue is described across multiple sources (CVE record, CNVD, CVE list) as a CSRF weakness enabling unauthorized state changes; n...
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...
CVE-2018-14892
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms...
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...
CVE-2018-14892
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms...
Command injection
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...
Cross site request forgery (csrf)
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms...