Description
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.
CVSS breakdown
CVSS 3.1
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Zyxel / GS1900-10HP firmware <= 2.90(AAZI.1)C0
- Zyxel / GS1900-16 firmware <= 2.90(AAHJ.1)C0
- Zyxel / GS1900-24E firmware <= 2.90(AAHK.1)C0
- Zyxel / GS1900-24EP firmware <= 2.90(ABTO.1)C0
- Zyxel / GS1900-24 firmware <= 2.90(AAHL.1)C0
- Zyxel / GS1900-24HPv2 firmware <= 2.90(ABTP.1)C0
- Zyxel / GS1900-48 firmware <= 2.90(AAHN.1)C0
- Zyxel / GS1900-48HPv2 firmware <= 2.90(ABTQ.1)C0
- Zyxel / GS1900-8 firmware <= 2.90(AAHH.1)C0
- Zyxel / GS1900-8HP firmware <= 2.90(AAHI.1)C0