4 results (0.011 seconds)

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. El portal de gestión en dispositivos ZyXEL PMG5318-B20A con firmware 1.00AANC0b5 no finaliza sesión sobre una acción de cierre de sesión, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso aprovechando una estación de trabajo sin supervisión. • http://www.securitytracker.com/id/1034553 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. Dispositivos ZyXEL PMG5318-B20A con firmware 1.00AANC0b5 permiten a usuarios remotos autenticados obtener privilegios administrativos aprovechando el acceso a la cuenta de usuario. • http://www.securitytracker.com/id/1034553 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. Dispositivos ZyXEL P-660HW-T1 2 con firmware ZyNOS 3.40(AXH.0), dispositivos PMG5318-B20A con firmware 1.00AANC0b5 y dispositivos NBG-418N tienen una contraseña por defecto de 1234 para la cuenta de admin, lo que permite a atacantes remotos obtener acceso administrativo a través de vectores no especificados. • http://www.securitytracker.com/id/1034552 http://www.securitytracker.com/id/1034553 http://www.securitytracker.com/id/1034554 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R • CWE-255: Credentials Management Errors •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1

The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. La implementación de diagnostic-ping en dispositivos ZyXEL PMG5318-B20A con firmware anterior a 1.00(AANC.2)C0 permite a atacantes remotos ejecutar comandos arbitrarios a través del parámetro PingIPAddr. ZyXEL PMG5318-B20A suffers from a command injection vulnerability via the ping function. • https://www.exploit-db.com/exploits/38455 http://www.securitytracker.com/id/1034553 https://www.kb.cert.org/vuls/id/870744 https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R • CWE-264: Permissions, Privileges, and Access Controls •