Description
Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.
Product(s):
- Zyxel ZyWALL 10 3.20_WA0
- Zyxel ZyWALL 10 3.20_WA1
- Zyxel ZyWALL 10 3.24_WA0
- Zyxel ZyWALL 10 3.24_WA1
- Zyxel ZyWALL 10 3.24_WA2
- Zyxel ZyWALL 10 3.50_WA1
- Zyxel ZyWALL 10 3.50_WA2
- Zyxel ZyWALL 10 4.07
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1789, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1789 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.