VYPR

Zywall 2

by Zyxel

CVEs (6)

  • CVE-2019-12583Jun 27, 2019
    risk 0.05cvss epss 0.44

    Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.

  • CVE-2007-4318Aug 13, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.

  • CVE-2019-12581Jun 27, 2019
    risk 0.02cvss epss 0.06

    A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.

  • CVE-2007-4316Aug 13, 2007
    risk 0.00cvss epss 0.01

    The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions.

  • CVE-2007-4319Aug 13, 2007
    risk 0.00cvss epss 0.01

    The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might…

  • CVE-2007-4317Aug 13, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1)…