Vulnerabilities (CVE)

Filtered by vendor Zyxel Subscribe
Filtered by product Usg1100
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35029 1 Zyxel 74 Usg100, Usg1000, Usg1000 Firmware and 71 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
CVE-2020-25014 1 Zyxel 52 Access Points Firmware, Nwa110ax, Nwa1123-ac Hd and 49 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
CVE-2020-29583 1 Zyxel 30 Usg110, Usg1100, Usg1100 Firmware and 27 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
CVE-2020-9054 1 Zyxel 54 Atp100, Atp100 Firmware, Atp200 and 51 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2
CVE-2019-12581 1 Zyxel 18 Uag2100, Uag2100 Firmware, Uag4100 and 15 more 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
CVE-2019-12583 1 Zyxel 28 Uag2100, Uag2100 Firmware, Uag4100 and 25 more 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
CVE-2019-9955 1 Zyxel 42 Atp200, Atp200 Firmware, Atp500 and 39 more 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.