VYPR

NSA325 V2

by Zyxel

CVEs (5)

  • CVE-2020-9054KEVMar 4, 2020
    risk 0.20cvss epss 1.00

    Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve…

  • CVE-2018-14893Nov 27, 2018
    risk 0.01cvss epss 0.03

    A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.

  • CVE-2020-13365Aug 6, 2020
    risk 0.00cvss epss 0.01

    Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0;…

  • CVE-2020-13364Aug 6, 2020
    risk 0.00cvss epss 0.01

    A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and…

  • CVE-2018-14892Nov 27, 2018
    risk 0.00cvss epss 0.01

    Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.