Skip to main content

Zyxel

211 CVEs vendor

Monthly

CVE-2023-33010 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel Atp100 Firmware Atp200 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
28.8%
CVE-2023-33009 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel Atp100 Firmware Atp200 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
28.1%
CVE-2023-22924 MEDIUM PATCH This Month

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-22923 MEDIUM PATCH This Month

A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22922 HIGH PATCH This Week

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22921 HIGH PATCH This Week

A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

XSS Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-22919 HIGH PATCH This Week

The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nbg6604 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-28770 HIGH POC THREAT Act Now

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Dx5401 B0 Firmware
NVD
CVSS 3.1
7.5
EPSS
57.8%
CVE-2023-28769 CRITICAL POC Emergency

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Dx5401 B0 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2023-28771 CRITICAL POC KEV THREAT Emergency

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Atp100 Firmware Atp100W Firmware Atp200 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
99.3%
CVE-2023-27991 HIGH This Week

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +16
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-27990 MEDIUM This Month

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +16
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-22918 MEDIUM PATCH This Month

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +48
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22917 HIGH This Week

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +15
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22916 HIGH This Week

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +15
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-22915 HIGH This Week

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +9
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22914 HIGH This Week

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +8
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-22913 HIGH This Week

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-22920 CRITICAL Act Now

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Lte3202 M437 Firmware Lte3316 M604 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-38546 CRITICAL Act Now

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nbg7510 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-40603 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel XSS Atp800 Firmware Atp700 Firmware Atp500 Firmware +16
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40602 CRITICAL PATCH Act Now

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Zyxel Authentication Bypass Lte3301 M209 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34746 MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-34747 CRITICAL PATCH Act Now

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Zyxel Nas326 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-0823 MEDIUM PATCH This Month

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zyxel Gs1200 5 Firmware Gs1200 5Hp Firmware Gs1200 8 Firmware +1
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-26532 HIGH This Week

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +62
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2022-26531 HIGH This Week

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +62
NVD
CVSS 3.1
7.8
EPSS
5.8%
CVE-2022-0910 MEDIUM This Month

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +29
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-0734 MEDIUM This Month

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +29
NVD
CVSS 3.1
6.1
EPSS
8.4%
CVE-2022-30525 CRITICAL POC KEV THREAT Emergency

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Usg Flex 100W Firmware Usg Flex 200 Firmware Usg Flex 500 Firmware +13
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2022-26414 MEDIUM This Month

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Zyxel Vmg3312 T20A Firmware Emg3525 T50b Firmware +30
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26413 HIGH This Week

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Zyxel Vmg3312 T20A Firmware Emg3525 T50b Firmware Emg5523 T50b Firmware +29
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2022-0556 HIGH This Week

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Zyxel Zyxel Ap Configurator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-0342 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Usg40 Firmware Usg40W Firmware Usg60 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
84.8%
CVE-2021-35035 MEDIUM This Month

A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nbg6604 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-35034 CRITICAL Act Now

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nbg6604 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-35032 HIGH PATCH This Week

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-35031 HIGH PATCH This Week

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +11
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-35033 HIGH POC This Week

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Nbg6818 Firmware Nbg7815 Firmware Wsq20 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-35028 HIGH PATCH This Week

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Zywall Vpn2S Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-35027 HIGH PATCH This Week

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Zyxel Zywall Vpn2S Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-35030 MEDIUM PATCH This Month

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2021-35029 CRITICAL Act Now

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Usg1900 Firmware Usg1100 Firmware Usg310 Firmware +34
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-3297 HIGH POC THREAT This Week

On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Nbg2105 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
20.5%
CVE-2020-29299 HIGH This Week

Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Vpn Orchestrator Zld Nsg Firmware +1
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2020-29583 CRITICAL POC KEV THREAT Act Now

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Usg20 Vpn Firmware Usg20W Vpn Firmware Usg40 Firmware +27
NVD
CVSS 3.1
9.8
EPSS
90.0%
CVE-2020-20183 HIGH This Week

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass P1302 T10 V3 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-25014 CRITICAL Act Now

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Memory Corruption RCE Zld +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2020-24355 CRITICAL POC Act Now

Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Vmg5313 B30B Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-24354 HIGH POC This Week

Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Vmg5313 B30B Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-13365 HIGH This Week

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nas326 Firmware Nas520 Firmware Nas540 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-13364 HIGH This Week

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nas326 Firmware Nas520 Firmware Nas540 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15324 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloud Cnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15323 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15322 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15321 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15320 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15319 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15318 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15317 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15316 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15315 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15314 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15313 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15312 MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2020-15336 HIGH This Week

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15335 HIGH This Week

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15348 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel RCE Code Injection Python Cloud Cnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-14461 HIGH POC This Week

Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Path Traversal Wap6806 Firmware
NVD Exploit-DB
CVSS 3.1
8.6
EPSS
9.5%
CVE-2020-9054 CRITICAL POC KEV THREAT Act Now

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection RCE Nas326 Firmware Nas520 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2019-15804 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-15803 CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-15802 MEDIUM POC This Month

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2019-15801 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15800 CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware +7
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2019-15799 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-15815 MEDIUM PATCH This Month

ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Zyxel 2 00 Abbx 3
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-17354 CRITICAL Act Now

wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Nbg 418N V2 Firmware
NVD GitHub
CVSS 3.1
9.4
EPSS
1.4%
CVE-2019-12581 MEDIUM POC PATCH This Month

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Uag2100 Firmware Uag4100 Firmware Uag5100 Firmware +6
NVD
CVSS 3.0
6.1
EPSS
6.4%
CVE-2019-12583 CRITICAL POC PATCH THREAT Act Now

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zyxel Uag2100 Firmware Uag4100 Firmware Uag5100 Firmware +11
NVD
CVSS 3.0
9.1
EPSS
43.9%
CVE-2019-6725 CRITICAL Act Now

The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel P 660Hn T1 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-9955 MEDIUM POC PATCH THREAT This Month

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Atp200 Firmware Atp500 Firmware Atp800 Firmware +18
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
20.9%
CVE-2019-10634 MEDIUM POC This Month

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zyxel Nas326 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-10633 HIGH POC This Week

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Zyxel Nas326 Firmware
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2019-10632 MEDIUM POC This Month

A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zyxel Nas326 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-10631 HIGH POC This Week

Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zyxel Nas326 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-10630 HIGH POC This Week

A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zyxel Nas326 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-7391 HIGH POC THREAT This Week

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel CSRF Dsl 491Hnu B10B Firmware Dsl 491Hnu B1B V2 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.6%
CVE-2019-6710 HIGH POC This Week

Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel CSRF Nbg 418N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-14893 HIGH POC This Week

A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Nsa325 V2 Firmware
NVD
CVSS 3.0
8.8
EPSS
3.4%
EPSS 29% CVSS 9.8
CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel +23
NVD
EPSS 28% CVSS 9.8
CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel +23
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zyxel Nbg 418N Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zyxel Nbg 418N Firmware
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zyxel Nbg 418N Firmware
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

XSS Zyxel Nbg 418N Firmware
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nbg6604 Firmware
NVD
EPSS 58% CVSS 7.5
HIGH POC THREAT Act Now

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Dx5401 B0 Firmware
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Emergency

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Dx5401 B0 Firmware
NVD
EPSS 99% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Atp100 Firmware +18
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Atp200 Firmware +18
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zyxel Atp200 Firmware +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zyxel Atp200 Firmware +50
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware +17
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg Flex 100 Firmware +17
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware +11
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zyxel Usg Flex 100 Firmware +10
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg Flex 100 Firmware +10
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Lte3202 M437 Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nbg7510 Firmware
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel XSS Atp800 Firmware +18
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Zyxel Authentication Bypass Lte3301 M209 Firmware
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware +9
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Zyxel Nas326 Firmware
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zyxel Gs1200 5 Firmware +3
NVD
EPSS 5% CVSS 7.8
HIGH This Week

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Zyxel Vpn100 Firmware +64
NVD
EPSS 6% CVSS 7.8
HIGH This Week

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Vpn100 Firmware +64
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Vpn100 Firmware +31
NVD
EPSS 8% CVSS 6.1
MEDIUM This Month

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Vpn100 Firmware +31
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zyxel Usg Flex 100W Firmware +15
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM This Month

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Zyxel +32
NVD
EPSS 1% CVSS 8.0
HIGH This Week

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Zyxel Vmg3312 T20A Firmware +31
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Zyxel +1
NVD
EPSS 85% CVSS 9.8
CRITICAL POC THREAT Act Now

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Usg40 Firmware +22
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nbg6604 Firmware
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nbg6604 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware +11
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware +13
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Nbg6818 Firmware +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Zywall Vpn2S Firmware
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Zyxel Zywall Vpn2S Firmware
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zyxel Gs1900 8 Firmware +11
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Usg1900 Firmware +36
NVD
EPSS 21% CVSS 7.8
HIGH POC THREAT This Week

On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Nbg2105 Firmware
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Vpn Orchestrator +3
NVD
EPSS 90% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Usg20 Vpn Firmware +29
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass P1302 T10 V3 Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Memory Corruption +3
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Vmg5313 B30B Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Vmg5313 B30B Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nas326 Firmware +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nas326 Firmware +3
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloud Cnm Secumanager
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Zyxel Authentication Bypass +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel RCE Code Injection +2
NVD
EPSS 10% CVSS 8.6
HIGH POC This Week

Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Path Traversal Wap6806 Firmware
NVD Exploit-DB
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection RCE +27
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zyxel Gs1900 8 Firmware +8
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware +8
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware +8
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware +8
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zyxel +9
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zyxel Gs1900 8 Firmware +8
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Zyxel 2 00 Abbx 3
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Nbg 418N V2 Firmware
NVD GitHub
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Uag2100 Firmware +8
NVD
EPSS 44% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zyxel Uag2100 Firmware +13
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel P 660Hn T1 Firmware
NVD
EPSS 21% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zyxel Atp200 Firmware +20
NVD Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zyxel Nas326 Firmware
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zyxel Nas326 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zyxel +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zyxel Nas326 Firmware
NVD
EPSS 14% CVSS 8.8
HIGH POC THREAT This Week

ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel CSRF Dsl 491Hnu B10B Firmware +1
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC This Week

Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel CSRF Nbg 418N Firmware
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC This Week

A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection Nsa325 V2 Firmware
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy