VYPR

Vendor CVEs

Zyxel

All CVEs

341 total · sorted by risk
  • CVE-2017-6884HigKEVApr 6, 2017
    risk 0.81cvss 8.8epss 0.38

    A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands…

  • CVE-2015-6018CriDec 31, 2015
    risk 0.68cvss 9.8epss 0.21

    The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.

  • CVE-2008-1160CriMar 25, 2008
    risk 0.68cvss 9.8epss 0.15

    ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

  • CVE-2017-7964CriApr 19, 2017
    risk 0.65cvss 10.0epss 0.03

    Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.

  • CVE-2025-69329CriFeb 20, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through < 1.4.1.

  • CVE-2018-1164CriFeb 21, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI…

  • CVE-2017-15226CriOct 10, 2017
    risk 0.64cvss 9.8epss 0.02

    Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.

  • CVE-2017-3216CriJun 20, 2017
    risk 0.64cvss 9.8epss 0.05

    WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a…

  • CVE-2016-1329CriMar 3, 2016
    risk 0.64cvss 9.8epss 0.04

    Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID…

  • CVE-2015-5989CriDec 31, 2015
    risk 0.64cvss 9.8epss 0.03

    Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.

  • CVE-2015-5988CriDec 31, 2015
    risk 0.64cvss 9.8epss 0.03

    The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

  • CVE-2015-6016CriDec 31, 2015
    risk 0.64cvss 9.8epss 0.06

    ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.

  • CVE-2016-10401HigJul 25, 2017
    risk 0.61cvss 8.8epss 0.12

    ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).

  • CVE-2026-7273HigJun 16, 2026
    risk 0.57cvss 8.8epss 0.00

    A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.

  • CVE-2026-7256HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.01

    ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP…

  • CVE-2016-1302HigFeb 7, 2016
    risk 0.57cvss 8.8epss 0.02

    Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via…

  • CVE-2015-5990HigDec 31, 2015
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-5987HigDec 31, 2015
    risk 0.56cvss 8.6epss 0.01

    Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.

  • CVE-2015-6019HigDec 31, 2015
    risk 0.55cvss 8.5epss 0.03

    The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

  • CVE-2015-7283HigDec 31, 2015
    risk 0.53cvss 8.1epss 0.04

    The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

  • CVE-2015-7284HigDec 31, 2015
    risk 0.52cvss 8.0epss 0.01

    Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-6020HigDec 31, 2015
    risk 0.52cvss 8.0epss 0.02

    ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.

  • CVE-2026-7287HigMay 12, 2026
    risk 0.49cvss 7.5epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to…

  • CVE-2018-5330HigJan 16, 2018
    risk 0.49cvss 7.5epss 0.02

    ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.

  • CVE-2017-17901HigDec 29, 2017
    risk 0.49cvss 7.5epss 0.02

    ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.

  • CVE-2016-10227HigFeb 21, 2017
    risk 0.49cvss 7.5epss 0.02

    Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets.

  • CVE-2015-6313HigApr 6, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP…

  • CVE-2015-6312HigApr 6, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.

  • CVE-2016-1350HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

  • CVE-2016-1349HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.02

    The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

  • CVE-2016-1348HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.

  • CVE-2015-6260HigMar 3, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

  • CVE-2015-0718HigMar 3, 2016
    risk 0.49cvss 7.5epss 0.04

    Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session,…

  • CVE-2015-6398HigFeb 7, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.

  • CVE-2008-1526HigMar 26, 2008
    risk 0.49cvss 7.5epss 0.01

    ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.

  • CVE-2026-1460HigApr 28, 2026
    risk 0.47cvss 7.2epss 0.01

    A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS…

  • CVE-2025-11730HigFeb 5, 2026
    risk 0.47cvss 7.2epss 0.01

    A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmware versions from…

  • CVE-2025-69330HigFeb 20, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through < 1.4.1.

  • CVE-2026-0711MedApr 28, 2026
    risk 0.44cvss 6.8epss 0.01

    A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.

  • CVE-2018-9149MedApr 1, 2018
    risk 0.44cvss 6.8epss 0.00

    The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system.…

  • CVE-2026-3871MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.00

    A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.

  • CVE-2026-3870MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.00

    A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.

  • CVE-2026-4795MedMay 26, 2026
    risk 0.42cvss 6.5epss 0.00

    A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00(ACPS.2)C0, GS1200-8v3 firmware versions through 1.00(ACPT.2)C0,  GS1200-5HPv3 firmware versions through 1.00(ACPU.2)C0, GS1200-8HPv3 firmware versions through 1.00(ACPV.2)C0, and…

  • CVE-2026-7255MedMay 12, 2026
    risk 0.42cvss 6.5epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass…

  • CVE-2018-15602MedAug 26, 2018
    risk 0.40cvss 6.1epss 0.01

    Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.

  • CVE-2015-6017MedDec 31, 2015
    risk 0.40cvss 6.1epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.

  • CVE-2016-1344MedMar 26, 2016
    risk 0.39cvss 5.9epss 0.03

    The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

  • CVE-2018-9129MedAug 15, 2018
    risk 0.38cvss 5.9epss 0.01

    ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections.

  • CVE-2015-7256MedSep 28, 2017
    risk 0.38cvss 5.9epss 0.01

    ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00,…

  • CVE-2016-1346MedApr 6, 2016
    risk 0.38cvss 5.9epss 0.02

    The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

Page 1 of 7