Description
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user into visiting a compromised website that hosts malicious scripts.
CVSS breakdown
CVSS 3.1
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Zyxel / ARMOR Z1 (NBG6816) firmware 1.00(AAWB.10)C0 – 1.00(AAWB.10)C0
- Zyxel / ARMOR Z2 (NBG6817) firmware 1.00(ABCS.10)C0 – 1.00(ABCS.10)C0