Filtered by vendor Zyxel Subscriptions
Total 286 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-22918 1 Zyxel 102 Atp100, Atp100 Firmware, Atp100w and 99 more 2024-11-21 6.5 Medium
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device.
CVE-2023-22917 1 Zyxel 36 Atp100, Atp100 Firmware, Atp100w and 33 more 2024-11-21 7.5 High
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.
CVE-2023-22916 1 Zyxel 36 Atp100, Atp100 Firmware, Atp100w and 33 more 2024-11-21 8.1 High
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode.
CVE-2023-22915 1 Zyxel 24 Usg 20w-vpn, Usg 20w-vpn Firmware, Usg Flex 100 and 21 more 2024-11-21 7.5 High
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.
CVE-2023-22914 1 Zyxel 22 Usg Flex 100, Usg Flex 100 Firmware, Usg Flex 100w and 19 more 2024-11-21 7.2 High
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.
CVE-2023-22913 1 Zyxel 22 Usg Flex 100, Usg Flex 100 Firmware, Usg Flex 100w and 19 more 2024-11-21 8.1 High
A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device.
CVE-2022-45854 1 Zyxel 12 Nwa110ax, Nwa110ax Firmware, Nwa210ax and 9 more 2024-11-21 4.3 Medium
An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker.
CVE-2022-45853 1 Zyxel 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more 2024-11-21 6.7 Medium
The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.
CVE-2022-45440 1 Zyxel 2 Ax7501-b0, Ax7501-b0 Firmware 2024-11-21 4.4 Medium
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.
CVE-2022-43393 1 Zyxel 90 Gs1350-12hp, Gs1350-12hp Firmware, Gs1350-18hp and 87 more 2024-11-21 8.2 High
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.
CVE-2022-43391 1 Zyxel 96 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 93 more 2024-11-21 6.5 Medium
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
CVE-2022-43390 1 Zyxel 78 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 75 more 2024-11-21 5.4 Medium
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
CVE-2022-43389 1 Zyxel 34 Ep240p, Ep240p Firmware, Lte3202-m437 and 31 more 2024-11-21 8.6 High
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
CVE-2022-40603 1 Zyxel 38 Atp100, Atp100 Firmware, Atp100w and 35 more 2024-11-21 4.7 Medium
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser.
CVE-2022-40602 1 Zyxel 2 Lte3301-m209, Lte3301-m209 Firmware 2024-11-21 9.8 Critical
A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.
CVE-2022-38547 1 Zyxel 50 Atp100, Atp100 Firmware, Atp100w and 47 more 2024-11-21 7.2 High
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.
CVE-2022-38546 1 Zyxel 2 Nbg7510, Nbg7510 Firmware 2024-11-21 5.3 Medium
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.
CVE-2022-34747 1 Zyxel 2 Nas326, Nas326 Firmware 2024-11-21 9.8 Critical
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
CVE-2022-34746 1 Zyxel 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more 2024-11-21 5.9 Medium
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.
CVE-2022-30526 1 Zyxel 50 Atp100, Atp100 Firmware, Atp100w and 47 more 2024-11-21 7.8 High
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.