Filtered by vendor Zyxel Subscriptions
Total 286 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-3929 1 Zyxel 1 Prestige 660h-61 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.
CVE-2006-2562 1 Zyxel 1 P-335wt Router 2024-11-21 N/A
ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
CVE-2006-0302 1 Zyxel 1 P2000w Version 2 Voip Wifi Phone 2024-11-21 N/A
ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090.
CVE-2005-3725 1 Zyxel 1 Prestige 2000w V.1voip Wi-fi Phone 2024-11-21 N/A
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
CVE-2005-3724 1 Zyxel 2 P2000w Version 1 Voip Wifi Phone, Prestige 2000w V.1voip Wi-fi Phone 2024-11-21 N/A
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
CVE-2005-1717 1 Zyxel 1 Prestige 650r-31 2024-11-21 N/A
ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets.
CVE-2005-0328 2 Netgear, Zyxel 3 Rt311, Rt314, Prestige 2024-11-21 N/A
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.
CVE-2004-1789 1 Zyxel 1 Zywall10 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.
CVE-2004-1684 1 Zyxel 2 Prestige, Zynos 2024-11-21 N/A
Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2004-1540 1 Zyxel 2 Prestige, Zynos 2024-11-21 N/A
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.
CVE-2004-0670 1 Zyxel 1 Prestige 2024-11-21 N/A
Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password.
CVE-2002-1072 1 Zyxel 1 Prestige 2024-11-21 N/A
ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet.
CVE-2002-1071 1 Zyxel 1 Prestige 2024-11-21 N/A
ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set.
CVE-2002-0438 1 Zyxel 1 Zywall10 2024-11-21 N/A
ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface.
CVE-2001-1194 1 Zyxel 2 Prestige 1600, Prestige 681 2024-11-21 N/A
Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.
CVE-2001-1135 1 Zyxel 1 Prestige 2024-11-21 N/A
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.
CVE-2024-8881 1 Zyxel 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more 2024-11-14 6.8 Medium
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.
CVE-2024-8882 1 Zyxel 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more 2024-11-14 4.5 Medium
A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlierĀ could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.
CVE-2024-38267 1 Zyxel 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more 2024-09-30 4.9 Medium
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
CVE-2024-38268 1 Zyxel 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more 2024-09-30 4.9 Medium
An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.