Filtered by vendor Zyxel
Subscribe
Total
244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1260 | 1 Zyxel | 1 P-2602hw-d1a | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware allow remote attackers to (1) make the admin web server available on the Internet (WAN) interface via the WWWAccessInterface parameter to Forms/RemMagWWW_1 or (2) change the IP whitelisting timeout via the StdioTimout parameter to Forms/rpSysAdmin_1. | |||||
| CVE-2007-4317 | 1 Zyxel | 2 Zynos, Zywall 2 | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters. | |||||
| CVE-2008-1256 | 1 Zyxel | 1 P-660hw | 2023-12-10 | 10.0 HIGH | N/A |
| The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access. | |||||
| CVE-2007-4316 | 1 Zyxel | 2 Zynos, Zywall 2 | 2023-12-10 | 4.3 MEDIUM | N/A |
| The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions. | |||||
| CVE-2007-1586 | 1 Zyxel | 1 Zynos | 2023-12-10 | 7.8 HIGH | N/A |
| ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol. | |||||
| CVE-2008-1255 | 1 Zyxel | 1 P-660hw | 2023-12-10 | 10.0 HIGH | N/A |
| The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user. | |||||
| CVE-2008-1254 | 1 Zyxel | 1 P-660hw | 2023-12-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. | |||||
| CVE-2008-1257 | 1 Zyxel | 4 P-660hw, P-660hw D1, P-660hw D3 and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter. | |||||
| CVE-2008-1261 | 1 Zyxel | 1 P-2602hw-d1a | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI. | |||||
| CVE-2006-0302 | 1 Zyxel | 1 P2000w Version 2 Voip Wifi Phone | 2023-12-10 | 5.0 MEDIUM | N/A |
| ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090. | |||||
| CVE-2005-1717 | 1 Zyxel | 1 Prestige 650r-31 | 2023-12-10 | 5.0 MEDIUM | N/A |
| ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets. | |||||
| CVE-2005-3724 | 1 Zyxel | 2 P2000w Version 1 Voip Wifi Phone, Prestige 2000w V.1voip Wi-fi Phone | 2023-12-10 | 6.4 MEDIUM | N/A |
| Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | |||||
| CVE-2005-0328 | 2 Netgear, Zyxel | 3 Rt311, Rt314, Prestige | 2023-12-10 | 5.0 MEDIUM | N/A |
| Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address. | |||||
| CVE-2005-3725 | 1 Zyxel | 1 Prestige 2000w V.1voip Wi-fi Phone | 2023-12-10 | 6.4 MEDIUM | N/A |
| Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE. | |||||
| CVE-2006-3929 | 1 Zyxel | 1 Prestige 660h-61 | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. | |||||
| CVE-2004-0670 | 1 Zyxel | 1 Prestige | 2023-12-10 | 5.0 MEDIUM | N/A |
| Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password. | |||||
| CVE-2002-1071 | 1 Zyxel | 1 Prestige | 2023-12-10 | 5.0 MEDIUM | N/A |
| ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set. | |||||
| CVE-2001-1194 | 1 Zyxel | 2 Prestige 1600, Prestige 681 | 2023-12-10 | 5.0 MEDIUM | N/A |
| Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly. | |||||
| CVE-2004-1789 | 1 Zyxel | 1 Zywall10 | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. | |||||
| CVE-2004-1540 | 1 Zyxel | 2 Prestige, Zynos | 2023-12-10 | 5.0 MEDIUM | N/A |
| ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. | |||||