Skip to main content

Nas520 Firmware

3 CVEs product

Monthly

CVE-2020-13365 HIGH This Week

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nas326 Firmware Nas520 Firmware Nas540 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-13364 HIGH This Week

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nas326 Firmware Nas520 Firmware Nas540 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-9054 CRITICAL POC KEV THREAT Act Now

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection RCE Nas326 Firmware Nas520 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
100.0%
EPSS 1% CVSS 8.8
HIGH This Week

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nas326 Firmware +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nas326 Firmware +3
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection RCE +27
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy