VYPR

ZyWALL/USG series

by Zyxel

CVEs (13)

  • CVE-2023-28771KEVApr 25, 2023
    Hola
    VPN
    risk 0.23cvss epss 0.94

    Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an…

  • CVE-2023-33009KEVMay 24, 2023
    Zyxel
    ATP series
    risk 0.12cvss epss 0.06

    A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions…

  • CVE-2023-33010KEVMay 24, 2023
    Zyxel
    ATP series
    risk 0.12cvss epss 0.07

    A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions…

  • CVE-2022-0342Mar 28, 2022
    Zyxel
    ATP series
    risk 0.07cvss epss 0.92

    An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG…

  • CVE-2022-30526Jul 19, 2022
    Zyxel
    ATP series
    risk 0.03cvss epss 0.03

    A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through…

  • CVE-2022-38547Feb 7, 2023
    Zyxel
    ATP series
    risk 0.00cvss epss 0.01

    A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32…

  • CVE-2022-40603Dec 6, 2022
    Zyxel
    ATP series
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31,…

  • CVE-2022-2030Jul 19, 2022
    Zyxel
    ATP series
    risk 0.00cvss epss 0.01

    A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware…

  • CVE-2022-26532May 24, 2022
    Zyxel
    ATP series
    risk 0.00cvss epss 0.02

    A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through…

  • CVE-2022-0910May 24, 2022
    Zyxel
    ATP series
    risk 0.00cvss epss 0.00

    A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN…

  • CVE-2022-0734May 24, 2022
    Zyxel
    ATP series
    risk 0.00cvss epss 0.00

    A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35…

  • CVE-2022-26531May 24, 2022
    Zyxel
    ATP series
    risk 0.00cvss epss 0.01

    Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30…

  • CVE-2021-35029Jul 2, 2021
    Zyxel
    ATP series
    risk 0.00cvss epss 0.00

    An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands…