CVE-2019-12581
MEDIUM NUCLEIZyxel ZyWall USG UAG Firmware - Reflected Cross-Site Scripting via err_msg Parameter
Title source: llmExploitation Summary
CVE-2019-12581 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
Nuclei Templates (1)
Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting
MEDIUMby n-thumann
Shodan:
http.title:"ZyWall"
FOFA:
title="zywall"
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://www.zyxel.com/us/en/
Patch, Vendor Advisory x_refsource_confirm
https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
Exploit, Patch, Third Party Advisory x_refsource_misc
https://sec-consult.com/en/blog/advisories/reflected-cross-site-scripting-in-zxel-zywall/index.html
Exploit, Third Party Advisory x_refsource_misc
https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
Scores
CVSS v3
6.1
EPSS
0.0640
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (9)
zyxel/uag2100_firmware
< 4.18\(aaiz.1\)c0
zyxel/uag4100_firmware
< 4.18\(aatd.1\)c0
zyxel/uag5100_firmware
< 4.18\(aapn.1\)c0
zyxel/usg1100_firmware
< 4.30
zyxel/usg110_firmware
< 4.30
zyxel/usg1900_firmware
< 4.30
zyxel/usg210_firmware
< 4.30
zyxel/usg2200-vpn_firmware
< 4.30
zyxel/usg310_firmware
< 4.30
Published
Jun 27, 2019
Tracked Since
Feb 18, 2026