Skip to main content

Usg110 Firmware

6 CVEs product

Monthly

CVE-2021-35029 CRITICAL Act Now

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Usg1900 Firmware Usg1100 Firmware Usg310 Firmware +34
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-29583 CRITICAL POC KEV THREAT Act Now

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Usg20 Vpn Firmware Usg20W Vpn Firmware Usg40 Firmware +27
NVD
CVSS 3.1
9.8
EPSS
90.0%
CVE-2020-9054 CRITICAL POC KEV THREAT Act Now

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection RCE Nas326 Firmware Nas520 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2019-12581 MEDIUM POC PATCH This Month

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Uag2100 Firmware Uag4100 Firmware Uag5100 Firmware +6
NVD
CVSS 3.0
6.1
EPSS
6.4%
CVE-2019-12583 CRITICAL POC PATCH THREAT Act Now

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zyxel Uag2100 Firmware Uag4100 Firmware Uag5100 Firmware +11
NVD
CVSS 3.0
9.1
EPSS
43.9%
CVE-2019-9955 MEDIUM POC PATCH THREAT This Month

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Atp200 Firmware Atp500 Firmware Atp800 Firmware +18
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
20.9%
EPSS 2% CVSS 9.8
CRITICAL Act Now

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Usg1900 Firmware +36
NVD
EPSS 90% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Usg20 Vpn Firmware +29
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection RCE +27
NVD
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Uag2100 Firmware +8
NVD
EPSS 44% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zyxel Uag2100 Firmware +13
NVD
EPSS 21% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Atp200 Firmware +20
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy