Vendor CVEs
Zyxel
All CVEs
341 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1319 | Med | 0.35 | 5.3 | 0.01 | Feb 9, 2016 | Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext… | ||
| CVE-2016-1307 | Med | 0.35 | 5.4 | 0.01 | Feb 7, 2016 | The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | ||
| CVE-2026-7257 | Med | 0.29 | 4.4 | 0.00 | May 12, 2026 | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration… | ||
| CVE-2026-6058 | Med | 0.29 | 4.5 | 0.00 | Apr 21, 2026 | ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by… | ||
| CVE-2016-1317 | Med | 0.28 | 4.3 | 0.01 | Feb 9, 2016 | Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098. | ||
| CVE-2023-28771 | 0.23 | — | 0.99 | KEV | Apr 25, 2023 | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an… | ||
| CVE-2022-30525 | 0.23 | — | 1.00 | KEV | May 12, 2022 | A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00… | ||
| CVE-2017-18368 | 0.22 | — | 0.95 | KEV | May 2, 2019 | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page… | ||
| CVE-2024-11667 | 0.20 | — | 0.03 | KEV | Nov 27, 2024 | A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series… | ||
| CVE-2020-29583 | 0.20 | — | 0.90 | KEV | Dec 22, 2020 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin… | ||
| CVE-2020-9054 | 0.20 | — | 1.00 | KEV | Mar 4, 2020 | Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve… | ||
| CVE-2023-27992 | 0.19 | — | 0.84 | KEV | Jun 19, 2023 | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to… | ||
| CVE-2024-40891 | 0.16 | — | 0.19 | KEV | Feb 4, 2025 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on… | ||
| CVE-2024-40890 | 0.16 | — | 0.19 | KEV | Feb 4, 2025 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected… | ||
| CVE-2023-33010 | 0.13 | — | 0.29 | KEV | May 24, 2023 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions… | ||
| CVE-2023-33009 | 0.12 | — | 0.28 | KEV | May 24, 2023 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions… | ||
| CVE-2023-28770 | 0.10 | — | 0.58 | Apr 27, 2023 | The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the… | |||
| CVE-2023-28769 | 0.09 | — | 0.05 | Apr 27, 2023 | The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS)… | |||
| CVE-2021-4039 | 0.09 | — | 0.71 | Mar 1, 2022 | A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | |||
| CVE-2017-18371 | 0.09 | — | 0.23 | May 2, 2019 | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234.… | |||
| CVE-2017-18370 | 0.09 | — | 0.23 | May 2, 2019 | The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited… | |||
| CVE-2024-29973 | 0.08 | — | 0.86 | Jun 4, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating… | |||
| CVE-2024-29972 | 0.07 | — | 0.89 | Jun 4, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some… | |||
| CVE-2022-0342 | 0.07 | — | 0.85 | Mar 28, 2022 | An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG… | |||
| CVE-2021-3297 | 0.06 | — | 0.21 | Jan 26, 2021 | On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | |||
| CVE-2021-46387 | 0.05 | — | 0.21 | Mar 1, 2022 | ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks… | |||
| CVE-2019-12583 | 0.05 | — | 0.44 | Jun 27, 2019 | Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. | |||
| CVE-2018-19326 | 0.05 | — | 0.08 | Nov 17, 2018 | Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | |||
| CVE-2023-33012 | 0.04 | — | 0.10 | Jul 17, 2023 | A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series… | |||
| CVE-2020-14461 | 0.04 | — | 0.10 | Jun 22, 2020 | Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. | |||
| CVE-2019-9955 | 0.04 | — | 0.21 | Apr 22, 2019 | On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx'… | |||
| CVE-2008-2167 | 0.04 | — | 0.17 | May 13, 2008 | Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page. | |||
| CVE-2004-1789 | 0.04 | — | 0.11 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. | |||
| CVE-2004-1540 | 0.04 | — | 0.07 | Dec 31, 2004 | ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. | |||
| CVE-2025-1731 | 0.03 | — | 0.01 | Apr 22, 2025 | An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their… | |||
| CVE-2024-29974 | 0.03 | — | 0.23 | Jun 4, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute… | |||
| CVE-2023-4473 | 0.03 | — | 0.41 | Nov 30, 2023 | A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable… | |||
| CVE-2022-30526 | 0.03 | — | 0.01 | Jul 19, 2022 | A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through… | |||
| CVE-2019-7391 | 0.03 | — | 0.14 | Mar 17, 2019 | ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | |||
| CVE-2019-6710 | 0.03 | — | 0.03 | Mar 7, 2019 | Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | |||
| CVE-2014-4162 | 0.03 | — | 0.03 | Jun 16, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1. | |||
| CVE-2007-4318 | 0.03 | — | 0.02 | Aug 13, 2007 | Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. | |||
| CVE-2007-1586 | 0.03 | — | 0.03 | Mar 21, 2007 | ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol. | |||
| CVE-2006-3929 | 0.03 | — | 0.03 | Jul 31, 2006 | Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. | |||
| CVE-2002-1071 | 0.03 | — | 0.03 | Oct 4, 2002 | ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set. | |||
| CVE-2002-1072 | 0.03 | — | 0.03 | Oct 4, 2002 | ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet. | |||
| CVE-2001-1194 | 0.03 | — | 0.03 | Dec 14, 2001 | Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly. | |||
| CVE-2025-0890 | 0.02 | — | 0.13 | Feb 4, 2025 | **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the… | |||
| CVE-2024-7261 | 0.02 | — | 0.11 | Sep 3, 2024 | The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware… | |||
| CVE-2019-12581 | 0.02 | — | 0.06 | Jun 27, 2019 | A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter. |
- risk 0.35cvss 5.3epss 0.01
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext…
- risk 0.35cvss 5.4epss 0.01
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
- risk 0.29cvss 4.4epss 0.00
** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration…
- risk 0.29cvss 4.5epss 0.00
** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by…
- risk 0.28cvss 4.3epss 0.01
Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.
- risk 0.23cvss —epss 0.99
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an…
- risk 0.23cvss —epss 1.00
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00…
- risk 0.22cvss —epss 0.95
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page…
- risk 0.20cvss —epss 0.03
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series…
- risk 0.20cvss —epss 0.90
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin…
- risk 0.20cvss —epss 1.00
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve…
- risk 0.19cvss —epss 0.84
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to…
- risk 0.16cvss —epss 0.19
**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on…
- risk 0.16cvss —epss 0.19
**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected…
- risk 0.13cvss —epss 0.29
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions…
- risk 0.12cvss —epss 0.28
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions…
- CVE-2023-28770Apr 27, 2023risk 0.10cvss —epss 0.58
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the…
- CVE-2023-28769Apr 27, 2023risk 0.09cvss —epss 0.05
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS)…
- CVE-2021-4039Mar 1, 2022risk 0.09cvss —epss 0.71
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
- CVE-2017-18371May 2, 2019risk 0.09cvss —epss 0.23
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234.…
- CVE-2017-18370May 2, 2019risk 0.09cvss —epss 0.23
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited…
- CVE-2024-29973Jun 4, 2024risk 0.08cvss —epss 0.86
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating…
- CVE-2024-29972Jun 4, 2024risk 0.07cvss —epss 0.89
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some…
- CVE-2022-0342Mar 28, 2022risk 0.07cvss —epss 0.85
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG…
- CVE-2021-3297Jan 26, 2021risk 0.06cvss —epss 0.21
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
- CVE-2021-46387Mar 1, 2022risk 0.05cvss —epss 0.21
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks…
- CVE-2019-12583Jun 27, 2019risk 0.05cvss —epss 0.44
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
- CVE-2018-19326Nov 17, 2018risk 0.05cvss —epss 0.08
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.
- CVE-2023-33012Jul 17, 2023risk 0.04cvss —epss 0.10
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series…
- CVE-2020-14461Jun 22, 2020risk 0.04cvss —epss 0.10
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
- CVE-2019-9955Apr 22, 2019risk 0.04cvss —epss 0.21
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx'…
- CVE-2008-2167May 13, 2008risk 0.04cvss —epss 0.17
Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.
- CVE-2004-1789Dec 31, 2004risk 0.04cvss —epss 0.11
Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.
- CVE-2004-1540Dec 31, 2004risk 0.04cvss —epss 0.07
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.
- CVE-2025-1731Apr 22, 2025risk 0.03cvss —epss 0.01
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their…
- CVE-2024-29974Jun 4, 2024risk 0.03cvss —epss 0.23
** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute…
- CVE-2023-4473Nov 30, 2023risk 0.03cvss —epss 0.41
A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable…
- CVE-2022-30526Jul 19, 2022risk 0.03cvss —epss 0.01
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through…
- CVE-2019-7391Mar 17, 2019risk 0.03cvss —epss 0.14
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
- CVE-2019-6710Mar 7, 2019risk 0.03cvss —epss 0.03
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
- CVE-2014-4162Jun 16, 2014risk 0.03cvss —epss 0.03
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.
- CVE-2007-4318Aug 13, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.
- CVE-2007-1586Mar 21, 2007risk 0.03cvss —epss 0.03
ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol.
- CVE-2006-3929Jul 31, 2006risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.
- CVE-2002-1071Oct 4, 2002risk 0.03cvss —epss 0.03
ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set.
- CVE-2002-1072Oct 4, 2002risk 0.03cvss —epss 0.03
ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet.
- CVE-2001-1194Dec 14, 2001risk 0.03cvss —epss 0.03
Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.
- CVE-2025-0890Feb 4, 2025risk 0.02cvss —epss 0.13
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the…
- CVE-2024-7261Sep 3, 2024risk 0.02cvss —epss 0.11
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware…
- CVE-2019-12581Jun 27, 2019risk 0.02cvss —epss 0.06
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
Page 2 of 7