Security for everyone

CVE-2019-12581 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in Zyxel ZyWall, USG, and UAG devices.

SCAN NOW

Short Info


Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

CVE-2019-12581 Scanner Detail

Zyxel ZyWall, USG, and UAG devices are commonly used for secure network connectivity for small to medium-sized businesses and enterprises. They provide firewall, VPN, and content filtering capabilities to ensure secure connectivity through various types of networks. These devices function as a gateway between the internal and external network, thus ensuring the security of sensitive data and preventing unauthorized access.

However, a critical vulnerability, CVE-2019-12581, has been identified that affects these devices. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through the "err_msg" parameter in the free_time_failed.cgi program. This injection allows hackers to execute potentially malicious code on the targeted devices and gain unauthorized access to the network and its sensitive data.

Vulnerable Devices and Versions

Device Vulnerability Firmware Version
UAG2100 XSS (CVE-2019-12581) 4.18(AAIZ.1)C0 and earlier
UAG4100 XSS (CVE-2019-12581) 4.18(AATD.1)C0 and earlier
UAG5100 XSS (CVE-2019-12581) 4.18(AAPN.1)C0 and earlier

When exploited, this vulnerability can lead to the loss of confidential business information, financial loss, and severe damage to the business's reputation. Moreover, there is a risk of legal action taken against the organization that fails to protect its data and clients.

Securityforeveryone.com offers pro features that enable businesses to easily and quickly learn about vulnerabilities in their digital assets. With the platform's comprehensive vulnerability assessment tools, organizations can identify, prioritize, and mitigate threats to their networks and devices. By utilizing the various security features offered by Securityforeveryone.com, businesses can ensure that they have taken the necessary steps to protect their sensitive data and maintain their reputation.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture