Filtered by vendor Zyxel
Total: 244 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15345 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. | |||||
CVE-2020-15344 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. | |||||
CVE-2020-15329 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | |||||
CVE-2020-15343 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. | |||||
CVE-2020-15346 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. | |||||
CVE-2022-34746 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2023-12-10 | N/A | 5.9 MEDIUM |
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface. | |||||
CVE-2020-15328 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | |||||
CVE-2020-15326 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | |||||
CVE-2020-15337 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. | |||||
CVE-2020-15338 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 5.3 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. | |||||
CVE-2020-15339 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 6.1 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. | |||||
CVE-2022-2030 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2023-12-10 | N/A | 6.5 MEDIUM |
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device. | |||||
CVE-2022-30526 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2023-12-10 | N/A | 7.8 HIGH |
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | |||||
CVE-2020-15340 | 1 Zyxel | 1 Cloudcnm Secumanager | 2023-12-10 | N/A | 7.5 HIGH |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. | |||||
CVE-2022-26414 | 1 Zyxel | 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service. | |||||
CVE-2022-0823 | 1 Zyxel | 8 Gs1200-5, Gs1200-5 Firmware, Gs1200-5hp and 5 more | 2023-12-10 | 2.1 LOW | 6.2 MEDIUM |
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. | |||||
CVE-2022-0734 | 1 Zyxel | 64 Atp100, Atp100 Firmware, Atp100w and 61 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. | |||||
CVE-2022-0556 | 1 Zyxel | 1 Zyxel Ap Configurator | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4 could allow an attacker to execute arbitrary code as a local administrator. | |||||
CVE-2021-4039 | 1 Zyxel | 2 Nwa1100-nh, Nwa1100-nh Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | |||||
CVE-2022-26532 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. |