CVE-2019-12583

Name: CVE-2019-12583
Creator: NVD / NIST
Published: 2019-06-27T14:15:10.393+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 43.93%

Last modified Jun 17, 2026

CVE-2019-12583 is a vulnerability of currently unknown severity. Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.. EPSS estimates a 43.93% chance of exploitation in the next 30 days.

Description

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.

Metrics

EPSS Probability

43.93%

98.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-425

Affected Software

Vendor	Product	Versions
Zyxel	Uag2100 Firmware	<= 4.18\(aaiz.1\)c0
Zyxel	Uag4100 Firmware	<= 4.18\(aatd.1\)c0
Zyxel	Uag5100 Firmware	<= 4.18\(aapn.1\)c0
Zyxel	Usg110 Firmware	<= 4.33\(aaph.0\)c0
Zyxel	Usg210 Firmware	<= 4.33\(aapi.0\)c0
Zyxel	Usg310 Firmware	<= 4.33\(aapj.0\)c0
Zyxel	Usg1100 Firmware	<= 4.33\(aapk.0\)c0
Zyxel	Usg1900 Firmware	<= 4.33\(aapl.0\)c0
Zyxel	Usg2200-Vpn Firmware	<= 4.33\(abae.0\)c0
Zyxel	Zywall Vpn100 Firmware	<= 10.02\(abfv.0\)c0
Zyxel	Zywall Vpn300 Firmware	<= 10.02\(abfc.0\)c0
Zyxel	Zywall 110 Firmware	<= 4.33\(aaaa.0\)c0
Zyxel	Zywall 310 Firmware	<= 4.33\(aaab.0\)c0
Zyxel	Zywall 1100 Firmware	<= 4.33\(aaac.0\)c0

References

https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/Exploit, Third Party Advisory
https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtmlPatch, Vendor Advisory
https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/Exploit, Third Party Advisory
https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtmlPatch, Vendor Advisory

Timeline

Published: Jun 27, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-12583?

How severe is CVE-2019-12583?

Severity scoring for CVE-2019-12583 is pending analysis. The EPSS model estimates a 43.93% probability of exploitation in the next 30 days.

How do I fix CVE-2019-12583?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-12583?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST