Eval Injection Vulnerability in Zyxel NAS 326 v5.21 and Below: Remote Code Execution via tjp6jp6y4, simZysh, and ck6fup6 APIs

Eval Injection Vulnerability in Zyxel NAS 326 v5.21 and Below: Remote Code Execution via tjp6jp6y4, simZysh, and ck6fup6 APIs

CVE-2019-10633 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.

Learn more about our Web App Pen Testing.