Vulnerability Database

309,587

Total vulnerabilities in the database

CVE-2017-17550

ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.

Published: Nov 10, 2018
Updated: Nov 9, 2025
CVE: CVE-2017-17550
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
zyxel / zywall_usg_100_firmware	2.12(aqq.2)	2.12(aqq.2).x
zyxel / zywall_usg_100_firmware	3.30(aqq.7)	3.30(aqq.7).x

https://www.shellcode.it/article/cve-2017-17550/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo