Zyxel
Monthly
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2). Rated high severity (CVSS 7.9). No vendor patch available.
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp. Rated high severity (CVSS 7.9). No vendor patch available.
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2). Rated high severity (CVSS 7.9). No vendor patch available.
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp. Rated high severity (CVSS 7.9). No vendor patch available.
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.