Vulnerabilities > Zyxel > Nsa325 V2 Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-11-27 CVE-2018-14893 Command Injection vulnerability in Zyxel Nsa325 V2 Firmware 4.81
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.
network
low complexity
zyxel CWE-77
8.8
8.8
2018-11-27 CVE-2018-14892 Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nsa325 V2 Firmware 4.81
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.
network
low complexity
zyxel CWE-352
8.8
8.8