Skip to main content

Gs1900 24 Firmware

16 CVEs product

Monthly

CVE-2026-7273 HIGH This Week

Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16.

Zyxel Stack Overflow Buffer Overflow Gs1900 48Hpv2 Firmware Gs1900 8 Firmware +8
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8882 MEDIUM This Month

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Gs1900 8 Firmware Gs1900 8Hp Firmware +8
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2024-8881 MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-38270 MEDIUM This Month

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Gs1900 48Hpv2 Firmware Gs1900 48 Firmware Gs1900 24Hpv2 Firmware +7
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35140 MEDIUM This Month

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Gs1900 48Hpv2 Firmware Gs1900 48 Firmware Gs1900 24Hpv2 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34746 MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-35032 HIGH PATCH This Week

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-35031 HIGH PATCH This Week

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +11
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-35030 MEDIUM PATCH This Month

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2019-15804 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-15803 CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-15802 MEDIUM POC This Month

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2019-15801 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15800 CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware +7
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2019-15799 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2015-7256 MEDIUM This Month

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Information Disclosure Nwa1100 N Firmware Nwa1100 Nh Firmware Nwa1121 Ni Firmware +22
NVD
CVSS 3.0
5.9
EPSS
0.1%
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16.

Zyxel Stack Overflow Buffer Overflow +10
NVD VulDB
EPSS 0% CVSS 4.5
MEDIUM This Month

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service +10
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware +9
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Gs1900 48Hpv2 Firmware +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Gs1900 48Hpv2 Firmware +9
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware +11
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware +13
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zyxel Gs1900 8 Firmware +11
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zyxel Gs1900 8 Firmware +8
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware +8
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware +8
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware +8
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zyxel +9
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zyxel Gs1900 8 Firmware +8
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Information Disclosure Nwa1100 N Firmware +24
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy