CVE-2019-6710 – Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-6710
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. Los dispositivos de Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices permiten Cross-Site Request Forgery (CSRF) en login.cgi. Zyxel NBG-418N V2 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/46240 https://alicangonullu.biz/konu/3 https://twitter.com/god3err/status/1088067902832631809 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-7284
https://notcve.org/view.php?id=CVE-2015-7284
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en dispositivos ZyXEL NBG-418N con firmware 1.00(AADZ.3)C0 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://www.securityfocus.com/bid/78819 http://www.securitytracker.com/id/1034554 https://www.kb.cert.org/vuls/id/330000 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-7283
https://notcve.org/view.php?id=CVE-2015-7283
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. La interfaz de administración web en dispositivos ZyXEL NBG-418N con firmware 1.00(AADZ.3)C0 tiene una contraseña por defecto de 1234 para la cuenta admin, lo que permite a atacantes remotos obtener privilegios administrativos aprovechando una sesión LAN. • http://www.securityfocus.com/bid/78819 http://www.securitytracker.com/id/1034554 https://www.kb.cert.org/vuls/id/330000 • CWE-255: Credentials Management Errors •