What is CVE-2019-12583?

CVE-2019-12583 is a vulnerability in N/a. Published 2019-06-27.

Is CVE-2019-12583 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-12583

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access…

EPSS: 0.591 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates
StarCrossPortal/scalpel
anonymous364872/Rapier_
apif-review/APIF_
apit-review-account/apit-tool
youcans896768/APIV_

References

www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml (x_refsource_CONFIRM)
n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xs… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-12583?: CVE-2019-12583 is a vulnerability in N/a. Published 2019-06-27.
Is CVE-2019-12583 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.