Unrestricted Guest Account Generation in Zyxel UAG, USG, and ZyWall Devices

Unrestricted Guest Account Generation in Zyxel UAG, USG, and ZyWall Devices

CVE-2019-12583 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.

Learn more about our Network Penetration Testing.