Vulnerabilities (CVE)

Filtered by vendor Zyxel Subscribe
Total 129 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12695 18 Asus, Broadcom, Canon and 15 more 257 Rt-n11, Adsl, Selphy Cp1200 and 254 more 2021-04-23 7.8 HIGH 7.5 HIGH
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVE-2020-28899 1 Zyxel 6 Lte4506-m606, Lte4506-m606 Firmware, Lte7460-m608 and 3 more 2021-03-22 6.4 MEDIUM 9.1 CRITICAL
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.
CVE-2021-3297 1 Zyxel 2 Nbg2105, Nbg2105 Firmware 2021-02-03 7.2 HIGH 7.8 HIGH
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
CVE-2020-29583 1 Zyxel 30 Usg110, Usg1100, Usg1100 Firmware and 27 more 2021-01-14 10.0 HIGH 9.8 CRITICAL
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
CVE-2020-29299 1 Zyxel 7 Atp, Nsg, Nsg Firmware and 4 more 2021-01-05 9.0 HIGH 7.2 HIGH
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.
CVE-2020-20183 1 Zyxel 2 P1302-t10 V3, P1302-t10 V3 Firmware 2020-12-15 5.0 MEDIUM 7.5 HIGH
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.
CVE-2020-25014 1 Zyxel 52 Access Points Firmware, Nwa110ax, Nwa1123-ac Hd and 49 more 2020-12-10 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
CVE-2020-24355 1 Zyxel 2 Vmg5313-b30b, Vmg5313-b30b Firmware 2020-09-11 10.0 HIGH 9.8 CRITICAL
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion.
CVE-2020-24354 1 Zyxel 2 Vmg5313-b30b, Vmg5313-b30b Firmware 2020-09-04 6.5 MEDIUM 8.8 HIGH
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection.
CVE-2020-15336 1 Zyxel 1 Cloudcnm Secumanager 2020-08-25 5.0 MEDIUM 7.5 HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
CVE-2020-15335 1 Zyxel 1 Cloudcnm Secumanager 2020-08-25 5.0 MEDIUM 7.5 HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
CVE-2018-14893 1 Zyxel 2 Nsa325 V2, Nsa325 V2 Firmware 2020-08-24 9.0 HIGH 8.8 HIGH
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.
CVE-2019-15804 1 Zyxel 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more 2020-08-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.
CVE-2019-12583 1 Zyxel 28 Uag2100, Uag2100 Firmware, Uag4100 and 25 more 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
CVE-2019-17354 1 Zyxel 2 Nbg-418n V2, Nbg-418n V2 Firmware 2020-08-24 7.5 HIGH 9.4 CRITICAL
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.
CVE-2019-10631 1 Zyxel 2 Nas326, Nas326 Firmware 2020-08-24 6.5 MEDIUM 8.8 HIGH
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.
CVE-2019-15815 1 Zyxel 2 2.00\(abbx.3\), P-1302-t10d 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges.
CVE-2019-15803 1 Zyxel 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.
CVE-2019-10630 1 Zyxel 2 Nas326, Nas326 Firmware 2020-08-24 4.0 MEDIUM 8.8 HIGH
A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device.
CVE-2019-15800 1 Zyxel 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more 2020-08-24 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)