Filtered by vendor Zyxel
Subscribe
Search
Total
54 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43314 | 1 Zyxel | 2 Pmg2005-t20b, Pmg2005-t20b Firmware | 2023-12-29 | N/A | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid. | |||||
| CVE-2023-37927 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-06 | N/A | 8.8 HIGH |
| The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
| CVE-2023-37928 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-06 | N/A | 8.8 HIGH |
| A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
| CVE-2023-35137 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-05 | N/A | 7.5 HIGH |
| An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device. | |||||
| CVE-2023-4398 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2023-12-04 | N/A | 7.5 HIGH |
| An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet. | |||||
| CVE-2023-33013 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2023-08-22 | N/A | 8.8 HIGH |
| A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | |||||
| CVE-2023-28767 | 1 Zyxel | 44 Usg 20w-vpn, Usg 20w-vpn Firmware, Usg 2200-vpn and 41 more | 2023-07-26 | N/A | 8.8 HIGH |
| The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled. | |||||
| CVE-2023-33012 | 1 Zyxel | 44 Usg 20w-vpn, Usg 20w-vpn Firmware, Usg 2200-vpn and 41 more | 2023-07-26 | N/A | 8.8 HIGH |
| A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled. | |||||
| CVE-2023-34138 | 1 Zyxel | 44 Usg 20w-vpn, Usg 20w-vpn Firmware, Usg 2200-vpn and 41 more | 2023-07-26 | N/A | 8.0 HIGH |
| A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance. | |||||
| CVE-2023-33011 | 1 Zyxel | 44 Usg 20w-vpn, Usg 20w-vpn Firmware, Usg 2200-vpn and 41 more | 2023-07-26 | N/A | 8.8 HIGH |
| A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled. | |||||
| CVE-2023-34139 | 1 Zyxel | 30 Usg 2200-vpn, Usg 2200-vpn Firmware, Usg Flex 100 and 27 more | 2023-07-26 | N/A | 8.8 HIGH |
| A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device. | |||||
| CVE-2023-34141 | 1 Zyxel | 48 Nxc2500, Nxc2500 Firmware, Nxc5500 and 45 more | 2023-07-26 | N/A | 8.0 HIGH |
| A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance. | |||||
| CVE-2022-30526 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2022-07-29 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | |||||
| CVE-2020-15336 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. | |||||
| CVE-2020-15335 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. | |||||
| CVE-2022-26532 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2022-06-19 | 7.2 HIGH | 7.8 HIGH |
| A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. | |||||
| CVE-2022-26531 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2022-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. | |||||
| CVE-2021-35033 | 1 Zyxel | 12 Nbg6818, Nbg6818 Firmware, Nbg7815 and 9 more | 2022-02-28 | 6.9 MEDIUM | 7.8 HIGH |
| A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user. | |||||
| CVE-2020-13364 | 1 Zyxel | 8 Nas326, Nas326 Firmware, Nas520 and 5 more | 2022-02-09 | 9.0 HIGH | 8.8 HIGH |
| A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. | |||||
| CVE-2020-13365 | 1 Zyxel | 8 Nas326, Nas326 Firmware, Nas520 and 5 more | 2022-02-09 | 9.0 HIGH | 8.8 HIGH |
| Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. | |||||
| CVE-2021-35032 | 1 Zyxel | 24 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 21 more | 2022-01-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. | |||||
| CVE-2021-35031 | 1 Zyxel | 28 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 25 more | 2022-01-07 | 7.7 HIGH | 8.0 HIGH |
| A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. | |||||
| CVE-2021-35028 | 1 Zyxel | 2 Zywall Vpn2s, Zywall Vpn2s Firmware | 2021-10-02 | 7.2 HIGH | 7.8 HIGH |
| A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. | |||||
| CVE-2021-35027 | 1 Zyxel | 2 Zywall Vpn2s, Zywall Vpn2s Firmware | 2021-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. | |||||
| CVE-2020-20183 | 1 Zyxel | 2 P1302-t10 V3, P1302-t10 V3 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages. | |||||
| CVE-2020-24354 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. | |||||
| CVE-2019-15801 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. | |||||
| CVE-2020-12695 | 18 Asus, Broadcom, Canon and 15 more | 257 Rt-n11, Adsl, Selphy Cp1200 and 254 more | 2021-04-23 | 7.8 HIGH | 7.5 HIGH |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
| CVE-2021-3297 | 1 Zyxel | 2 Nbg2105, Nbg2105 Firmware | 2021-02-03 | 7.2 HIGH | 7.8 HIGH |
| On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | |||||
| CVE-2020-29299 | 1 Zyxel | 7 Atp, Nsg, Nsg Firmware and 4 more | 2021-01-05 | 9.0 HIGH | 7.2 HIGH |
| Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. | |||||
| CVE-2019-10631 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. | |||||
| CVE-2018-14893 | 1 Zyxel | 2 Nsa325 V2, Nsa325 V2 Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | |||||
| CVE-2019-15804 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. | |||||
| CVE-2019-10630 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | |||||
| CVE-2020-14461 | 1 Zyxel | 2 Wap6806, Wap6806 Firmware | 2020-07-15 | 5.0 MEDIUM | 8.6 HIGH |
| Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. | |||||
| CVE-2019-15799 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2019-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. | |||||
| CVE-2018-5330 | 1 Zyxel | 2 P-660hw V3, P-660hw V3 Firmware | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | |||||
| CVE-2017-18372 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373. | |||||
| CVE-2017-18370 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371. | |||||
| CVE-2017-18374 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2019-05-03 | 9.0 HIGH | 8.8 HIGH |
| The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes. | |||||
| CVE-2019-10633 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2019-04-10 | 6.5 MEDIUM | 8.8 HIGH |
| An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. | |||||
| CVE-2019-7391 | 1 Zyxel | 4 Dsl-491hnu-b10b, Dsl-491hnu-b10b Firmware, Dsl-491hnu-b1b V2 and 1 more | 2019-03-29 | 6.8 MEDIUM | 8.8 HIGH |
| ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | |||||
| CVE-2019-6710 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2019-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | |||||
| CVE-2018-14892 | 1 Zyxel | 2 Nsa325 V2, Nsa325 V2 Firmware | 2018-12-26 | 6.8 MEDIUM | 8.8 HIGH |
| Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. | |||||
| CVE-2018-19326 | 1 Zyxel | 2 Vmg1312-b10d, Vmg1312-b10d Firmware | 2018-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | |||||
| CVE-2017-17550 | 1 Zyxel | 2 Zywall Usg 100, Zywall Usg 100 Firmware | 2018-12-13 | 6.8 MEDIUM | 8.8 HIGH |
| ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS. | |||||
| CVE-2017-17901 | 1 Zyxel | 2 P-660hw, P-660hw Firmware | 2018-01-17 | 7.8 HIGH | 7.5 HIGH |
| ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | |||||
| CVE-2016-10401 | 1 Zyxel | 2 Pk5001z, Pk5001z Firmware | 2017-11-03 | 9.0 HIGH | 8.8 HIGH |
| ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | |||||
| CVE-2017-6884 | 1 Zyxel | 2 Emg2926, Emg2926 Firmware | 2017-04-12 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. | |||||
| CVE-2016-10227 | 1 Zyxel | 4 Nwa3560-n, Nwa3560-n Firmware, Usg50 and 1 more | 2017-03-29 | 7.8 HIGH | 7.5 HIGH |
| Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. | |||||