VYPR

Vendor CVEs

Zyxel

All CVEs

341 total · sorted by risk
  • CVE-2022-43391 · Jan 11, 2023
    risk 0.00 · cvss · epss 0.01

    A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.

  • CVE-2022-43389 · Jan 11, 2023
    risk 0.00 · cvss · epss 0.01

    A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

  • CVE-2022-38546 · Dec 21, 2022
    risk 0.00 · cvss · epss 0.01

    A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.

  • CVE-2022-40603 · Dec 6, 2022
    risk 0.00 · cvss · epss 0.00

    A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31,…

  • CVE-2022-40602 · Nov 22, 2022
    risk 0.00 · cvss · epss 0.01

    A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.

  • CVE-2022-34746 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.00

    An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private…

  • CVE-2022-34747 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.02

    A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

  • CVE-2022-2030 · Jul 19, 2022
    risk 0.00 · cvss · epss 0.01

    A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware…

  • CVE-2022-0823 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.

  • CVE-2022-26532 · May 24, 2022
    risk 0.00 · cvss · epss 0.05

    An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through…

  • CVE-2022-0910 · May 24, 2022
    risk 0.00 · cvss · epss 0.01

    A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN…

  • CVE-2022-0734 · May 24, 2022
    risk 0.00 · cvss · epss 0.08

    A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35…

  • CVE-2022-26531 · May 24, 2022
    risk 0.00 · cvss · epss 0.06

    Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30…

  • CVE-2022-26414 · Apr 11, 2022
    risk 0.00 · cvss · epss 0.00

    A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.

  • CVE-2022-26413 · Apr 11, 2022
    risk 0.00 · cvss · epss 0.01

    A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

  • CVE-2021-35036 · Mar 1, 2022
    risk 0.00 · cvss · epss 0.00

    A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.

  • CVE-2021-4029 · Feb 22, 2022
    risk 0.00 · cvss · epss 0.01

    A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface.

  • CVE-2021-4030 · Feb 22, 2022
    risk 0.00 · cvss · epss 0.00

    A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts.

  • CVE-2021-35035 · Dec 29, 2021
    risk 0.00 · cvss · epss 0.01

    A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.

  • CVE-2021-35034 · Dec 29, 2021
    risk 0.00 · cvss · epss 0.01

    An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

  • CVE-2021-35032 · Dec 28, 2021
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.

  • CVE-2021-35031 · Dec 28, 2021
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

  • CVE-2021-35033 · Nov 23, 2021
    risk 0.00 · cvss · epss 0.00

    A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable…

  • CVE-2021-35028 · Sep 29, 2021
    risk 0.00 · cvss · epss 0.00

    A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.

  • CVE-2021-35027 · Sep 29, 2021
    risk 0.00 · cvss · epss 0.02

    A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.

  • CVE-2021-35030 · Jul 26, 2021
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.

  • CVE-2021-35029 · Jul 2, 2021
    risk 0.00 · cvss · epss 0.02

    An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands…

  • CVE-2020-28899 · Mar 16, 2021
    risk 0.00 · cvss · epss 0.02

    The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password,…

  • CVE-2020-29299 · Dec 27, 2020
    risk 0.00 · cvss · epss 0.02

    Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55…

  • CVE-2020-20183 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.01

    Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.

  • CVE-2020-25014 · Nov 27, 2020
    risk 0.00 · cvss · epss 0.04

    A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.

  • CVE-2020-24355 · Sep 2, 2020
    risk 0.00 · cvss · epss 0.02

    Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware, are affected by insecure permissions which allow regular and other users to create new users with elevated privileges. This is done by changing the "FirstIndex" field in JSON that is…

  • CVE-2020-24354 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection.

  • CVE-2020-13365 · Aug 6, 2020
    risk 0.00 · cvss · epss 0.01

    Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0;…

  • CVE-2020-13364 · Aug 6, 2020
    risk 0.00 · cvss · epss 0.01

    A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and…

  • CVE-2020-15324 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.

  • CVE-2020-15323 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.

  • CVE-2020-15322 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.

  • CVE-2020-15321 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.

  • CVE-2020-15320 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.

  • CVE-2020-15319 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.

  • CVE-2020-15318 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.

  • CVE-2020-15317 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.

  • CVE-2020-15316 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.

  • CVE-2020-15315 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.

  • CVE-2020-15314 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.

  • CVE-2020-15313 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.

  • CVE-2020-15312 · Jun 29, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.

  • CVE-2020-15332 · Jun 26, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.

  • CVE-2020-15333 · Jun 26, 2020
    risk 0.00 · cvss · epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.

Page 5 of 7