Skip to main content

Zywall Vpn2S Firmware

9 CVEs product

Monthly

CVE-2023-34141 HIGH This Week

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-34140 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware +22
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-34139 HIGH This Week

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34138 HIGH This Week

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +19
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-33012 HIGH POC THREAT Act Now

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +19
NVD GitHub
CVSS 3.1
8.8
EPSS
10.1%
CVE-2023-33011 HIGH This Week

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28767 HIGH This Week

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-35028 HIGH PATCH This Week

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Zywall Vpn2S Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-35027 HIGH PATCH This Week

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Zyxel Zywall Vpn2S Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
EPSS 1% CVSS 8.0
HIGH This Week

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware +23
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zyxel +24
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware +14
NVD
EPSS 1% CVSS 8.0
HIGH This Week

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware +21
NVD
EPSS 10% CVSS 8.8
HIGH POC THREAT Act Now

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware +21
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg 2200 Vpn Firmware +21
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware +21
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Zywall Vpn2S Firmware
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Zyxel Zywall Vpn2S Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy