Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7256 | 1 Zyxel | 50 C1000z, C1000z Firmware, Fr1000z and 47 more | 2017-10-11 | 4.3 MEDIUM | 5.9 MEDIUM |
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. | |||||
CVE-2015-6018 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2017-09-14 | 10.0 HIGH | 9.8 CRITICAL |
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | |||||
CVE-2015-6016 | 1 Zyxel | 4 Nbg-418n, P-660hw-t1 2, Pmg5318-b20a Firmware and 1 more | 2016-12-07 | 10.0 HIGH | 9.8 CRITICAL |
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||
CVE-2015-6019 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2016-12-07 | 5.0 MEDIUM | 8.5 HIGH |
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
CVE-2015-6020 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2016-12-07 | 8.3 HIGH | 8.0 HIGH |
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. |