CVE-2019-9955

high-risk

Published 2019-04-22

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.

Do I need to act?

10.7% chance of exploitation in next 30 days

EPSS score — higher than 89% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

46706

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Atp200 Firmware

Atp500 Firmware

Atp800 Firmware

Usg20-Vpn Firmware

Usg20W-Vpn Firmware

Usg40 Firmware

Usg40W Firmware

Usg60 Firmware

Usg60W Firmware

Usg110 Firmware

Usg210 Firmware

Usg310 Firmware

Usg1100 Firmware

Usg1900 Firmware

Usg2200-Vpn Firmware

Zywall 110 Firmware

Zywall 310 Firmware

Zywall 1100 Firmware

Vpn50 Firmware

Vpn100 Firmware

Affected Vendors

Zyxel

References (10)

Exploit http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.ht...

Mailing List http://seclists.org/fulldisclosure/2019/Apr/22

Exploit https://www.exploit-db.com/exploits/46706/

Patch https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripti...

Vendor Advisory https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-fi...

Exploit http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.ht...

Mailing List http://seclists.org/fulldisclosure/2019/Apr/22

Exploit https://www.exploit-db.com/exploits/46706/

Patch https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripti...

Vendor Advisory https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-fi...

/ 100

high-risk

Severity 23/34 · High

Exploitability 11/34 · Low

Exposure 20/34 · Moderate