Description
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Zyxel / ARMOR Z1 (NBG6816) firmware1.00(AAWB.10)C0 – 1.00(AAWB.10)C0
- Zyxel / ARMOR Z2 (NBG6817) firmware1.00(ABCS.10)C0 – 1.00(ABCS.10)C0