Zyxel security advisory for XSS vulnerability in NBG-418N v2 home router
Zyxel has released a patch addressing a stored cross-site scripting (XSS) vulnerability in the NBG-418N v2 home router. Users are advised to install the patch for optimal protection.
What is the vulnerability?
An XSS vulnerability in Zyxel’s NBG-418N v2 could allow an unauthenticated attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could then cause the stored malicious scripts to execute in a user’s browser when the user visits the Logs page of the GUI on the device.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified only one vulnerable product that is within the vulnerability support period and released a firmware patch to address the issue, as shown in the table below.
| Affected model | Affected version | Patch availability |
| --- | --- | --- |
| NBG-418N v2 | V1.00(AARP.10)C0 and earlier | V1.00(AARP.13)C0 |
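
The following is an added example, not part of Zyxel's advisory: a small inventory check that classifies firmware strings against the two versions in the table above. It assumes the version layout is `V<major>.<minor>(<code>.<release>)C<n>` and that releases are ordered by the number after the model code; the function names, hostnames and the `ZZZZ` code are constructed for illustration.

```python
import re

# Values taken from the advisory table.
MODEL_CODE = "AARP"            # code that appears in the NBG-418N v2 version strings
LAST_VULNERABLE = (1, 0, 10)   # V1.00(AARP.10)C0
FIRST_PATCHED = (1, 0, 13)     # V1.00(AARP.13)C0

# Assumed layout: V<major>.<minor>(<code>.<release>)C<n>
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


def classify(firmware: str) -> str:
    """Return 'vulnerable', 'patched', 'between', 'other-model' or 'unparsed'."""
    m = _VERSION_RE.match(firmware.strip())
    if not m:
        return "unparsed"       # an unreadable string is never treated as safe
    major, minor, code, release, _c = m.groups()
    if code != MODEL_CODE:
        return "other-model"    # the table only covers the AARP firmware line
    key = (int(major), int(minor), int(release))
    if key <= LAST_VULNERABLE:
        return "vulnerable"
    if key >= FIRST_PATCHED:
        return "patched"
    return "between"            # .11/.12 are not listed in the table; check by hand


def needs_attention(inventory: dict) -> dict:
    """Map host -> status for every device that is not confirmed patched."""
    flagged = {}
    for host, firmware in inventory.items():
        status = classify(firmware)
        if status in ("vulnerable", "between", "unparsed"):
            flagged[host] = status
    return flagged


# Constructed sample inventory (hostnames and the ZZZZ code are made up).
SAMPLE_INVENTORY = {
    "router-lobby": "V1.00(AARP.9)C0",
    "router-office": "V1.00(AARP.10)C0",
    "router-lab": "V1.00(AARP.13)C0",
    "router-annex": "V1.00(AARP.11)C0",
    "router-guest": "1.00 AARP 10",
    "switch-core": "V2.10(ZZZZ.4)C0",
}

if __name__ == "__main__":
    for host, status in needs_attention(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
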
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Thanks to Mariusz Dalewski from MDDV for reporting the issue to us.
2023-2-7: Initial release