Vulnerability Description
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Dsl-491Hnu-B10B Firmware | - |
| Zyxel | Dsl-491Hnu-B10B | - |
| Zyxel | Dsl-491Hnu-B1B V2 Firmware | - |
| Zyxel | Dsl-491Hnu-B1B V2 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/151550/Zyxel-VMG3312-B10B-DSL-491HNU-B1-V2-ExploitThird Party AdvisoryVDB Entry
- https://twitter.com/h1_yusufThird Party Advisory
- https://www.exploit-db.com/exploits/46326/ExploitThird Party AdvisoryVDB Entry
- https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
- http://packetstormsecurity.com/files/151550/Zyxel-VMG3312-B10B-DSL-491HNU-B1-V2-ExploitThird Party AdvisoryVDB Entry
- https://twitter.com/h1_yusufThird Party Advisory
- https://www.exploit-db.com/exploits/46326/ExploitThird Party AdvisoryVDB Entry
- https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
FAQ
What is CVE-2019-7391?
CVE-2019-7391 is a vulnerability with a CVSS score of 8.8 (HIGH). ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
How severe is CVE-2019-7391?
CVE-2019-7391 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7391?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Dsl-491Hnu-B10B Firmware, Zyxel Dsl-491Hnu-B10B, Zyxel Dsl-491Hnu-B1B V2 Firmware, Zyxel Dsl-491Hnu-B1B V2.