VYPR

USG FLEX

by Zyxel

CVEs (2)

  • CVE-2023-34139HigJul 17, 2023
    risk 0.57cvss 8.8epss 0.01

    A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS…

  • CVE-2020-29299HigDec 27, 2020
    risk 0.47cvss 7.2epss 0.02

    Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55…