Zyxel

Zyxel Communications Corporation, a subsidiary of Zyxel Group Corporation, is a Taiwanese multinational broadband provider headquartered in the Hsinchu Science Park, Taiwan. The company was founded in 1989 by Shun-I Chu, and has three research centers, four regional headquarters, and 35 branch offices.

Founded: 1989
Products: 206
CVEs: 341
Across products: 454
Status: Private

Recent CVEs

  • CVE-2017-6884 | High | KEV | Apr 6, 2017
    risk 0.81 | cvss 8.8 | epss 0.38

    A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands…

  • CVE-2015-6018 | Critical | Dec 31, 2015
    risk 0.68 | cvss 9.8 | epss 0.21

    The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.

  • CVE-2008-1160 | Critical | Mar 25, 2008
    risk 0.68 | cvss 9.8 | epss 0.15

    ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

  • CVE-2017-7964 | Critical | Apr 19, 2017
    risk 0.65 | cvss 10.0 | epss 0.03

    Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.

  • CVE-2025-69329 | Critical | Feb 20, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection. This issue affects Prestige: from n/a through < 1.4.1.

  • CVE-2018-1164 | Critical | Feb 21, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI…

  • CVE-2017-15226 | Critical | Oct 10, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.

  • CVE-2017-3216 | Critical | Jun 20, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a…

  • CVE-2016-1329 | Critical | Mar 3, 2016
    risk 0.64 | cvss 9.8 | epss 0.04

    Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID…

  • CVE-2015-5989 | Critical | Dec 31, 2015
    risk 0.64 | cvss 9.8 | epss 0.03

    Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.

  • CVE-2015-5988 | Critical | Dec 31, 2015
    risk 0.64 | cvss 9.8 | epss 0.03

    The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

  • CVE-2015-6016 | Critical | Dec 31, 2015
    risk 0.64 | cvss 9.8 | epss 0.06

    ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.

  • CVE-2016-10401 | High | Jul 25, 2017
    risk 0.61 | cvss 8.8 | epss 0.12

    ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).

  • CVE-2026-7273 | High | Jun 16, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.

  • CVE-2026-7256 | High | May 12, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP…

  • CVE-2016-1302 | High | Feb 7, 2016
    risk 0.57 | cvss 8.8 | epss 0.02

    Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via…

  • CVE-2015-5990 | High | Dec 31, 2015
    risk 0.57 | cvss 8.8 | epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-5987 | High | Dec 31, 2015
    risk 0.56 | cvss 8.6 | epss 0.01

    Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.

  • CVE-2015-6019 | High | Dec 31, 2015
    risk 0.55 | cvss 8.5 | epss 0.03

    The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

  • CVE-2015-7283 | High | Dec 31, 2015
    risk 0.53 | cvss 8.1 | epss 0.04

    The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.