1. Home
  2. CVE Database
  3. CVE-2019-12581
MEDIUM · 6.1

CVE-2019-12581

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or H...

Vulnerability Description

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
ZyxelUag2100 Firmware<= 4.18\(aaiz.1\)c0
ZyxelUag2100-
ZyxelUag4100 Firmware<= 4.18\(aatd.1\)c0
ZyxelUag4100-
ZyxelUag5100 Firmware<= 4.18\(aapn.1\)c0
ZyxelUag5100-
ZyxelUsg110 Firmware<= 4.30
ZyxelUsg110-
ZyxelUsg210 Firmware<= 4.30
ZyxelUsg210-
ZyxelUsg310 Firmware<= 4.30
ZyxelUsg310-
ZyxelUsg1100 Firmware<= 4.30
ZyxelUsg1100-
ZyxelUsg1900 Firmware<= 4.30
ZyxelUsg1900-
ZyxelUsg2200-Vpn Firmware<= 4.30
ZyxelUsg2200-Vpn-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2019-12581?

CVE-2019-12581 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or H...

How severe is CVE-2019-12581?

CVE-2019-12581 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-12581?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Uag2100 Firmware, Zyxel Uag2100, Zyxel Uag4100 Firmware, Zyxel Uag4100, Zyxel Uag5100 Firmware.