- Description
- ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.
- Source
- security@zyxel.com.tw
- NVD status
- Analyzed
- CNA Tags
- unsupported-when-assigned
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@zyxel.com.tw
- CWE-434
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF437A28-8199-4AB6-9F07-F061994C0D9C",
"versionEndExcluding": "5.21\\(aazf.17\\)c0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "718ACAC1-C0E1-45DF-A23E-7A7F9CCF1373",
"versionEndExcluding": "5.21\\(abag.14\\)c0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]