Vulnerabilities (CVE)

Filtered by vendor Zyxel Subscribe
Total 244 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40602 1 Zyxel 2 Lte3301-m209, Lte3301-m209 Firmware 2023-12-10 N/A 9.8 CRITICAL
A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.
CVE-2022-43389 1 Zyxel 34 Ep240p, Ep240p Firmware, Lte3202-m437 and 31 more 2023-12-10 N/A 9.8 CRITICAL
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
CVE-2022-43390 1 Zyxel 78 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 75 more 2023-12-10 N/A 8.8 HIGH
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
CVE-2022-40603 1 Zyxel 38 Atp100, Atp100 Firmware, Atp100w and 35 more 2023-12-10 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser.
CVE-2022-45439 1 Zyxel 2 Ax7501-b0, Ax7501-b0 Firmware 2023-12-10 N/A 6.5 MEDIUM
A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging another known vulnerability.
CVE-2022-45440 1 Zyxel 2 Ax7501-b0, Ax7501-b0 Firmware 2023-12-10 N/A 4.4 MEDIUM
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.
CVE-2022-43393 1 Zyxel 90 Gs1350-12hp, Gs1350-12hp Firmware, Gs1350-18hp and 87 more 2023-12-10 N/A 8.2 HIGH
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.
CVE-2022-38547 1 Zyxel 50 Atp100, Atp100 Firmware, Atp100w and 47 more 2023-12-10 N/A 7.2 HIGH
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.
CVE-2020-15341 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 7.5 HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
CVE-2020-15332 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 9.8 CRITICAL
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVE-2020-15334 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
CVE-2020-15347 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 9.8 CRITICAL
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
CVE-2020-15333 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
CVE-2020-15327 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 7.5 HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
CVE-2020-15331 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 9.8 CRITICAL
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
CVE-2020-15342 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
CVE-2020-15330 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
CVE-2022-34747 1 Zyxel 2 Nas326, Nas326 Firmware 2023-12-10 N/A 9.8 CRITICAL
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
CVE-2020-15325 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
CVE-2020-15345 1 Zyxel 1 Cloudcnm Secumanager 2023-12-10 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.