Zyxel
Zyxel Communications Corporation, a subsidiary of Zyxel Group Corporation, is a Taiwanese multinational broadband provider headquartered in the Hsinchu Science Park, Taiwan. The company was founded in 1989 by Shun-I Chu, and has three research centers, four regional headquarters, and 35 branch offices.
Products
206- 53 CVEs
- 48 CVEs
- 37 CVEs
- 37 CVEs
- 27 CVEs
- 27 CVEs
- 23 CVEs
- 17 CVEs
- 16 CVEs
- 15 CVEs
- 15 CVEs
- 14 CVEs
- 11 CVEs
- 11 CVEs
- 10 CVEs
- 9 CVEs
- 9 CVEs
- 8 CVEs
- 8 CVEs
- 8 CVEs
- 7 CVEs
- 7 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- View all 206 products →
Recent CVEs
341| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6884 | Hig | 0.81 | 8.8 | 0.38 | KEV | Apr 6, 2017 | A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands… | |
| CVE-2015-6018 | Cri | 0.68 | 9.8 | 0.21 | Dec 31, 2015 | The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | ||
| CVE-2008-1160 | Cri | 0.68 | 9.8 | 0.15 | Mar 25, 2008 | ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | ||
| CVE-2017-7964 | Cri | 0.65 | 10.0 | 0.03 | Apr 19, 2017 | Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. | ||
| CVE-2025-69329 | Cri | 0.64 | 9.8 | 0.00 | Feb 20, 2026 | Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through < 1.4.1. | ||
| CVE-2018-1164 | Cri | 0.64 | 9.8 | 0.04 | Feb 21, 2018 | This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI… | ||
| CVE-2017-15226 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2017 | Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | ||
| CVE-2017-3216 | Cri | 0.64 | 9.8 | 0.05 | Jun 20, 2017 | WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a… | ||
| CVE-2016-1329 | Cri | 0.64 | 9.8 | 0.04 | Mar 3, 2016 | Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID… | ||
| CVE-2015-5989 | Cri | 0.64 | 9.8 | 0.03 | Dec 31, 2015 | Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | ||
| CVE-2015-5988 | Cri | 0.64 | 9.8 | 0.03 | Dec 31, 2015 | The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | ||
| CVE-2015-6016 | Cri | 0.64 | 9.8 | 0.06 | Dec 31, 2015 | ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | ||
| CVE-2016-10401 | Hig | 0.61 | 8.8 | 0.12 | Jul 25, 2017 | ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | ||
| CVE-2026-7273 | Hig | 0.57 | 8.8 | 0.00 | Jun 16, 2026 | A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request. | ||
| CVE-2026-7256 | Hig | 0.57 | 8.8 | 0.01 | May 12, 2026 | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP… | ||
| CVE-2016-1302 | Hig | 0.57 | 8.8 | 0.02 | Feb 7, 2016 | Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via… | ||
| CVE-2015-5990 | Hig | 0.57 | 8.8 | 0.01 | Dec 31, 2015 | Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | ||
| CVE-2015-5987 | Hig | 0.56 | 8.6 | 0.01 | Dec 31, 2015 | Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | ||
| CVE-2015-6019 | Hig | 0.55 | 8.5 | 0.03 | Dec 31, 2015 | The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | ||
| CVE-2015-7283 | Hig | 0.53 | 8.1 | 0.04 | Dec 31, 2015 | The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. |
- risk 0.81cvss 8.8epss 0.38
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands…
- risk 0.68cvss 9.8epss 0.21
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
- risk 0.68cvss 9.8epss 0.15
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
- risk 0.65cvss 10.0epss 0.03
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through < 1.4.1.
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI…
- risk 0.64cvss 9.8epss 0.02
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.
- risk 0.64cvss 9.8epss 0.05
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a…
- risk 0.64cvss 9.8epss 0.04
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID…
- risk 0.64cvss 9.8epss 0.03
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
- risk 0.64cvss 9.8epss 0.03
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
- risk 0.64cvss 9.8epss 0.06
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.
- risk 0.61cvss 8.8epss 0.12
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
- risk 0.57cvss 8.8epss 0.00
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.
- risk 0.57cvss 8.8epss 0.01
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP…
- risk 0.57cvss 8.8epss 0.02
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via…
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
- risk 0.56cvss 8.6epss 0.01
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
- risk 0.55cvss 8.5epss 0.03
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
- risk 0.53cvss 8.1epss 0.04
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.