Filtered by vendor Zyxel Subscriptions
Total 286 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-30525 1 Zyxel 32 Atp100, Atp100 Firmware, Atp100w and 29 more 2024-11-21 9.8 Critical
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
CVE-2022-2030 1 Zyxel 50 Atp100, Atp100 Firmware, Atp100w and 47 more 2024-11-21 6.5 Medium
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
CVE-2022-26532 1 Zyxel 130 Atp100, Atp100 Firmware, Atp100w and 127 more 2024-11-21 7.8 High
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
CVE-2022-26531 1 Zyxel 130 Atp100, Atp100 Firmware, Atp100w and 127 more 2024-11-21 6.1 Medium
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
CVE-2022-26414 1 Zyxel 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more 2024-11-21 6 Medium
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
CVE-2022-26413 1 Zyxel 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more 2024-11-21 8 High
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
CVE-2022-0910 1 Zyxel 64 Atp100, Atp100 Firmware, Atp100w and 61 more 2024-11-21 6.5 Medium
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
CVE-2022-0823 1 Zyxel 8 Gs1200-5, Gs1200-5 Firmware, Gs1200-5hp and 5 more 2024-11-21 6.2 Medium
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.
CVE-2022-0734 1 Zyxel 64 Atp100, Atp100 Firmware, Atp100w and 61 more 2024-11-21 5.8 Medium
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.
CVE-2022-0556 1 Zyxel 1 Zyxel Ap Configurator 2024-11-21 7.3 High
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.
CVE-2022-0342 1 Zyxel 46 Atp100, Atp100 Firmware, Atp100w and 43 more 2024-11-21 9.8 Critical
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.
CVE-2021-4039 1 Zyxel 2 Nwa1100-nh, Nwa1100-nh Firmware 2024-11-21 9.8 Critical
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
CVE-2021-4030 1 Zyxel 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more 2024-11-21 8 High
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts.
CVE-2021-4029 1 Zyxel 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more 2024-11-21 8.8 High
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface.
CVE-2021-46387 1 Zyxel 2 Zywall 2 Plus Internet Security Appliance, Zywall 2 Plus Internet Security Appliance Firmware 2024-11-21 6.1 Medium
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
CVE-2021-3297 1 Zyxel 2 Nbg2105, Nbg2105 Firmware 2024-11-21 7.8 High
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
CVE-2021-35036 1 Zyxel 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more 2024-11-21 6.5 Medium
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
CVE-2021-35035 1 Zyxel 2 Nbg6604, Nbg6604 Firmware 2024-11-21 4.9 Medium
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
CVE-2021-35034 1 Zyxel 2 Nbg6604, Nbg6604 Firmware 2024-11-21 7.4 High
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.
CVE-2021-35033 1 Zyxel 12 Nbg6818, Nbg6818 Firmware, Nbg7815 and 9 more 2024-11-21 7.8 High
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.