The vulnerability of the weblogin.cgi component in NAS (Network Attached Storage) storage systems and micro-programming software for Ethernet interfaces of UTM, ATP, and VPN devices allows a hacker to execute arbitrary code.

The vulnerability of the weblogin.cgi component in NAS Network Attached Storage storage systems and microprogramming software for Ethernet interfaces of UTM, ATP, and VPN devices is related to errors during the verification of the username parameter. Exploiting this vulnerability allows a malicio...

VU#498544 ZyXEL pre-authentication command injection in weblogin.cgi

” Multiple ZyXEL devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Multiple ZyXEL devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to...

Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting

Exploit for hardware platform in category web applications Exploit Title: Reflected XSS on Zyxel login pages Exploit Author: Aaron Bishop Vendor Homepage: https://www.zyxel.com/us/en/ Version: V4.31 Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG40 - weblogin.cgi, webauthrelogin.cgi CVE :...

Zyxel ZyWall 310 ZyWall 110 USG1900 ATP500 USG40 - Login Page Cross-Site Scripting

Zyxel ZyWall 310 ZyWall 110 USG1900 ATP500 USG40 - Login Page Cross-Site Scripting Exploit Title: Reflected XSS on Zyxel login pages Date: 10 Apr 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://www.zyxel.com/us/en/ Version: V4.31 Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG4...

Zyxel ZyWall Cross Site Scripting

Exploit Title: Reflected XSS on Zyxel login pages Date: 10 Apr 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://www.zyxel.com/us/en/ Version: V4.31 Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG40 - weblogin.cgi, webauthrelogin.cgi CVE : 2019-9955 1. Description ==============...

Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting

Exploit Title: Reflected XSS on Zyxel login pages Date: 10 Apr 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://www.zyxel.com/us/en/ Version: V4.31 Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG40 - weblogin.cgi, webauthrelogin.cgi CVE : 2019-9955 1. Description ==============...