Nas326 Firmware Security Vulnerabilities and Issues — Nas326 Firmware CVE List

Lucene search

ZyxelNas326 Firmware

5 matches found

CVE•added 2019/04/09 5:29 a.m.•39 views

CVE-2019-10630

A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device.

8.8CVSS8.5AI score0.00307EPSS

CVE•added 2019/04/09 5:29 a.m.•39 views

CVE-2019-10631

Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.

8.8CVSS8.9AI score0.00917EPSS

CVE•added 2019/04/09 5:29 a.m.•38 views

CVE-2019-10633

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.

8.8CVSS8.6AI score0.0147EPSS

CVE•added 2019/04/09 5:29 a.m.•36 views

CVE-2019-10632

A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files.

6.5CVSS6.3AI score0.00274EPSS

CVE•added 2019/04/09 5:29 a.m.•36 views

CVE-2019-10634

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.

5.4CVSS5AI score0.00157EPSS