Zyxel security advisory for XSS vulnerability in NBG-418N v2 home router

CVE: CVE-2022-45441

Zyxel has released a patch addressing a stored cross-site scripting (XSS) vulnerability in the NBG-418N v2 home router. Users are advised to install the patch for optimal protection.

What is the vulnerability?

An XSS vulnerability in Zyxel’s NBG-418N v2 could allow an unauthenticated attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could then cause the stored malicious scripts to execute in a user’s browser when that user visits the Logs page of the GUI on the device.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified only one vulnerable product that is within the vulnerability support period and have released a firmware patch to address the issue, as shown in the table below.

| Affected model | Affected version | Patch availability |
|---|---|---|
| NBG-418N v2 | V1.00(AARP.10)C0 and earlier | V1.00(AARP.13)C0 |
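
A fleet-triage check built on the table above, as an added example that is not part of Zyxel's advisory: it parses reported firmware strings and sorts them into affected, patched, or not listed. The version-string layout and the reading of `AARP` as the firmware-line code are assumptions inferred from the two strings in the table, and the inventory is constructed sample data.

```python
import re

# Version strings taken from the advisory's table.
LAST_AFFECTED = "V1.00(AARP.10)C0"
FIRST_PATCHED = "V1.00(AARP.13)C0"

# Assumed layout, inferred only from the two strings above:
# V<major>.<minor>(<firmware-line code>.<build>)C<release>
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")

def parse_version(text):
    """Return (code, numeric_key), or None if the string does not match."""
    m = _VERSION_RE.match(text.strip().upper())
    if m is None:
        return None
    major, minor, code, build, release = m.groups()
    # Compare numerically so that build 9 sorts before build 10.
    return code, (int(major), int(minor), int(build), int(release))

def classify(reported):
    """Classify one reported firmware string against the advisory's table."""
    parsed = parse_version(reported)
    if parsed is None:
        return "unparseable"
    code, key = parsed
    affected_code, affected_key = parse_version(LAST_AFFECTED)
    _, patched_key = parse_version(FIRST_PATCHED)
    if code != affected_code:
        return "other-model"  # assumption: a different code is a different firmware line
    if key <= affected_key:
        return "affected"
    if key >= patched_key:
        return "patched"
    # Builds between the two listed versions are not mentioned in the advisory.
    return "not-listed"

# Constructed inventory: hostnames and reported versions are sample data.
INVENTORY = {
    "router-a": "V1.00(AARP.9)C0",
    "router-b": "V1.00(AARP.13)C0",
    "router-c": "V1.00(AARP.12)C0",
    "router-d": "firmware unknown",
}

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```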

Got a question?

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.


Thanks to Mariusz Dalewski from MDDV for reporting the issue to us.

Revision history

2023-2-7: Initial release