Exploit for Zyxel ZyWall UAG/USG - Account Creation Access (CVE-2019-12583)

Description:

Zyxel UAG, USG, and ZyWall devices allow a remote attacker to generate guest accounts by directly accessing the account generator via the “Free Time” component. This can lead to unauthorized network access or DoS attacks.

Nuclei Template

View the template here: CVE-2019-12583.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-12583.yaml

References:

https://github.com/StarCrossPortal/scalpel
https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
https://nvd.nist.gov/vuln/detail/CVE-2019-12583
https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
https://github.com/ARPSyndicate/kenzer-templates