Filtered by vendor Zyxel
Subscribe
Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34746 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2022-09-22 | N/A | 5.9 MEDIUM |
| An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface. | |||||
| CVE-2022-34747 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2022-09-08 | N/A | 9.8 CRITICAL |
| A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. | |||||
| CVE-2022-2030 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2022-07-29 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device. | |||||
| CVE-2020-15336 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. | |||||
| CVE-2020-15335 | 1 Zyxel | 1 Cloudcnm Secumanager | 2022-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. | |||||
| CVE-2020-29583 | 1 Zyxel | 30 Usg110, Usg1100, Usg1100 Firmware and 27 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. | |||||
| CVE-2022-26531 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2022-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. | |||||
| CVE-2022-26532 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2022-06-19 | 7.2 HIGH | 7.8 HIGH |
| A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. | |||||
| CVE-2022-0823 | 1 Zyxel | 8 Gs1200-5, Gs1200-5 Firmware, Gs1200-5hp and 5 more | 2022-06-15 | 2.1 LOW | 6.2 MEDIUM |
| An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. | |||||
| CVE-2022-0910 | 1 Zyxel | 64 Atp100, Atp100 Firmware, Atp100w and 61 more | 2022-06-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. | |||||
| CVE-2022-0734 | 1 Zyxel | 64 Atp100, Atp100 Firmware, Atp100w and 61 more | 2022-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. | |||||
| CVE-2021-4039 | 1 Zyxel | 2 Nwa1100-nh, Nwa1100-nh Firmware | 2022-04-28 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | |||||
| CVE-2022-26414 | 1 Zyxel | 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more | 2022-04-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service. | |||||
| CVE-2022-26413 | 1 Zyxel | 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more | 2022-04-14 | 7.7 HIGH | 8.0 HIGH |
| A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. | |||||
| CVE-2022-0556 | 1 Zyxel | 1 Zyxel Ap Configurator | 2022-04-14 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. | |||||
| CVE-2022-0342 | 1 Zyxel | 46 Atp100, Atp100 Firmware, Atp100w and 43 more | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. | |||||
| CVE-2021-46387 | 1 Zyxel | 2 Zywall 2 Plus Internet Security Appliance, Zywall 2 Plus Internet Security Appliance Firmware | 2022-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. | |||||
| CVE-2021-4030 | 1 Zyxel | 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more | 2022-03-02 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts. | |||||
| CVE-2021-4029 | 1 Zyxel | 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more | 2022-03-02 | 8.3 HIGH | 8.8 HIGH |
| A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. | |||||
| CVE-2020-13364 | 1 Zyxel | 8 Nas326, Nas326 Firmware, Nas520 and 5 more | 2022-02-09 | 9.0 HIGH | 8.8 HIGH |
| A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. | |||||