Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10633 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. | |||||
| CVE-2019-10632 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files. | |||||
| CVE-2019-10631 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. | |||||
| CVE-2019-10630 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | |||||