Skip to main content

Zld

19 CVEs product

Monthly

CVE-2024-11667 CRITICAL KEV THREAT Act Now

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Path Traversal Zld
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-42061 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel XSS Zld
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7203 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-6343 MEDIUM This Month

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Zld
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-42060 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-42059 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-42058 HIGH This Week

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Null Pointer Dereference Denial Of Service Zld
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-42057 HIGH This Week

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-5960 MEDIUM This Month

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5797 MEDIUM This Month

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld Nwa110Ax Firmware Nwa1123Acv3 Firmware +17
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5650 MEDIUM This Month

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4398 HIGH This Week

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Zyxel Zld
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-4397 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Zld
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-37926 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37925 MEDIUM This Month

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld Nwa110Ax Firmware Nwa1123Acv3 Firmware +17
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35139 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Zld
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35136 MEDIUM This Month

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-29299 HIGH This Week

Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Vpn Orchestrator Zld Nsg Firmware +1
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2020-25014 CRITICAL Act Now

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Memory Corruption RCE Zld +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
EPSS 3% CVSS 9.8
CRITICAL KEV THREAT Act Now

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Path Traversal Zld
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel XSS Zld
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Null Pointer Dereference Denial Of Service +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Command Injection Zld
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld +19
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Zyxel +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Zld
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Zld
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld +19
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Zld
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zyxel Zld
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Vpn Orchestrator +3
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Memory Corruption +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy