Filtered by vendor Zyxel Subscriptions
Filtered by product Usg Flex 100 Subscriptions
Total 44 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-0734 1 Zyxel 64 Atp100, Atp100 Firmware, Atp100w and 61 more 2024-11-21 5.8 Medium
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.
CVE-2022-0342 1 Zyxel 46 Atp100, Atp100 Firmware, Atp100w and 43 more 2024-11-21 9.8 Critical
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.
CVE-2021-35029 1 Zyxel 74 Usg100, Usg1000, Usg1000 Firmware and 71 more 2024-11-21 9.8 Critical
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
CVE-2020-29583 1 Zyxel 60 Atp100, Atp100 Firmware, Atp100w and 57 more 2024-11-21 9.8 Critical
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.