ReportizFlow
Filtered by vendor Zyxel
Subscriptions
Total
327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43314 | 1 Zyxel | 2 Pmg2005-t20b, Pmg2005-t20b Firmware | 2026-02-25 | 7.5 High |
| ** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid. | ||||
| CVE-2025-11847 | 1 Zyxel | 108 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 105 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2025-11846 | 1 Zyxel | 108 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 105 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2025-11845 | 1 Zyxel | 108 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 105 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2025-11848 | 1 Zyxel | 96 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 93 more | 2026-02-25 | 4.9 Medium |
| A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request. | ||||
| CVE-2023-27990 | 1 Zyxel | 38 Atp100, Atp100 Firmware, Atp100w and 35 more | 2026-02-25 | 4.8 Medium |
| The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device. | ||||
| CVE-2022-45854 | 1 Zyxel | 12 Nwa110ax, Nwa110ax Firmware, Nwa210ax and 9 more | 2026-02-25 | 4.3 Medium |
| An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker. | ||||
| CVE-2022-43392 | 1 Zyxel | 96 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 93 more | 2026-02-25 | 6.5 Medium |
| A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request. | ||||
| CVE-2022-43391 | 1 Zyxel | 96 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 93 more | 2026-02-25 | 6.5 Medium |
| A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request. | ||||
| CVE-2024-38267 | 1 Zyxel | 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more | 2026-02-24 | 4.9 Medium |
| An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | ||||
| CVE-2024-38268 | 1 Zyxel | 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more | 2026-02-24 | 4.9 Medium |
| An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | ||||
| CVE-2024-38266 | 1 Zyxel | 84 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 81 more | 2026-02-24 | 4.9 Medium |
| An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | ||||
| CVE-2024-38269 | 1 Zyxel | 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more | 2026-02-24 | 4.9 Medium |
| An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | ||||
| CVE-2024-5412 | 1 Zyxel | 100 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 97 more | 2026-02-24 | 7.5 High |
| A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | ||||
| CVE-2022-45440 | 1 Zyxel | 2 Ax7501-b0, Ax7501-b0 Firmware | 2025-12-17 | 4.4 Medium |
| A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device. | ||||
| CVE-2025-6599 | 1 Zyxel | 132 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 129 more | 2025-12-17 | 5.3 Medium |
| An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected. | ||||
| CVE-2023-4474 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-12-16 | 9.8 Critical |
| The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | ||||
| CVE-2023-4473 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-12-16 | 9.8 Critical |
| A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | ||||
| CVE-2025-0890 | 1 Zyxel | 28 Sbg3300-n000, Sbg3300-n000 Firmware, Sbg3300-nb00 and 25 more | 2025-12-16 | 9.8 Critical |
| **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so. | ||||
| CVE-2021-3297 | 1 Zyxel | 2 Nbg2105, Nbg2105 Firmware | 2025-11-25 | 7.8 High |
| On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | ||||