Vulnerabilities (CVE)

Filtered by vendor Zyxel Subscribe
Total 244 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0910 1 Zyxel 64 Atp100, Atp100 Firmware, Atp100w and 61 more 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
CVE-2021-4029 1 Zyxel 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more 2023-12-10 8.3 HIGH 8.8 HIGH
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface.
CVE-2021-46387 1 Zyxel 2 Zywall 2 Plus Internet Security Appliance, Zywall 2 Plus Internet Security Appliance Firmware 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
CVE-2021-4030 1 Zyxel 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts.
CVE-2022-0342 1 Zyxel 46 Atp100, Atp100 Firmware, Atp100w and 43 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.
CVE-2022-30525 1 Zyxel 32 Atp100, Atp100 Firmware, Atp100w and 29 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
CVE-2022-26413 1 Zyxel 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more 2023-12-10 7.7 HIGH 8.0 HIGH
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
CVE-2021-35034 1 Zyxel 2 Nbg6604, Nbg6604 Firmware 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.
CVE-2021-35031 1 Zyxel 28 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 25 more 2023-12-10 7.7 HIGH 8.0 HIGH
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
CVE-2021-35027 1 Zyxel 2 Zywall Vpn2s, Zywall Vpn2s Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.
CVE-2021-35035 1 Zyxel 2 Nbg6604, Nbg6604 Firmware 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
CVE-2021-35028 1 Zyxel 2 Zywall Vpn2s, Zywall Vpn2s Firmware 2023-12-10 7.2 HIGH 7.8 HIGH
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.
CVE-2021-35033 1 Zyxel 12 Nbg6818, Nbg6818 Firmware, Nbg7815 and 9 more 2023-12-10 6.9 MEDIUM 7.8 HIGH
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.
CVE-2021-35032 1 Zyxel 24 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 21 more 2023-12-10 7.2 HIGH 7.8 HIGH
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
CVE-2021-35030 1 Zyxel 24 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 21 more 2023-12-10 2.3 LOW 4.3 MEDIUM
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
CVE-2021-35029 1 Zyxel 74 Usg100, Usg1000, Usg1000 Firmware and 71 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
CVE-2020-20183 1 Zyxel 2 P1302-t10 V3, P1302-t10 V3 Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.
CVE-2021-3297 1 Zyxel 2 Nbg2105, Nbg2105 Firmware 2023-12-10 7.2 HIGH 7.8 HIGH
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
CVE-2020-25014 1 Zyxel 52 Access Points Firmware, Nwa110ax, Nwa1123-ac Hd and 49 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
CVE-2020-29583 1 Zyxel 30 Usg110, Usg1100, Usg1100 Firmware and 27 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.