Skip to main content

Usg Flex 50W Firmware

20 CVEs product

Monthly

CVE-2023-34141 HIGH This Week

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-34140 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware +22
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-34139 HIGH This Week

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34138 HIGH This Week

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +19
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-33012 HIGH POC THREAT Act Now

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +19
NVD GitHub
CVSS 3.1
8.8
EPSS
10.1%
CVE-2023-33011 HIGH This Week

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28767 HIGH This Week

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-33010 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel Atp100 Firmware Atp200 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
28.8%
CVE-2023-33009 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel Atp100 Firmware Atp200 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
28.1%
CVE-2023-28771 CRITICAL POC KEV THREAT Emergency

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Atp100 Firmware Atp100W Firmware Atp200 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
99.3%
CVE-2023-27991 HIGH This Week

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +16
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-27990 MEDIUM This Month

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +16
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-22918 MEDIUM PATCH This Month

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +48
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22917 HIGH This Week

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +15
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22916 HIGH This Week

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +15
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-22915 HIGH This Week

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +9
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22914 HIGH This Week

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +8
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-22913 HIGH This Week

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-40603 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel XSS Atp800 Firmware Atp700 Firmware Atp500 Firmware +16
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-30525 CRITICAL POC KEV THREAT Emergency

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Usg Flex 100W Firmware Usg Flex 200 Firmware Usg Flex 500 Firmware +13
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
EPSS 1% CVSS 8.0
HIGH This Week

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware +23
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zyxel +24
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware +14
NVD
EPSS 1% CVSS 8.0
HIGH This Week

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware +21
NVD
EPSS 10% CVSS 8.8
HIGH POC THREAT Act Now

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware +21
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg 2200 Vpn Firmware +21
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware +21
NVD
EPSS 29% CVSS 9.8
CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel +23
NVD
EPSS 28% CVSS 9.8
CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel +23
NVD
EPSS 99% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Atp100 Firmware +18
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Atp200 Firmware +18
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zyxel Atp200 Firmware +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zyxel Atp200 Firmware +50
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware +17
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg Flex 100 Firmware +17
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware +11
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zyxel Usg Flex 100 Firmware +10
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg Flex 100 Firmware +10
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel XSS Atp800 Firmware +18
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Usg Flex 100W Firmware +15
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy