Filtered by vendor Zyxel
Subscribe
Total
279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1717 | 1 Zyxel | 1 Prestige 650r-31 | 2024-11-20 | 5.0 MEDIUM | N/A |
ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets. | |||||
CVE-2005-0328 | 2 Netgear, Zyxel | 3 Rt311, Rt314, Prestige | 2024-11-20 | 5.0 MEDIUM | N/A |
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address. | |||||
CVE-2004-1789 | 1 Zyxel | 1 Zywall10 | 2024-11-20 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. | |||||
CVE-2004-1684 | 1 Zyxel | 2 Prestige, Zynos | 2024-11-20 | 5.0 MEDIUM | N/A |
Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2004-1540 | 1 Zyxel | 2 Prestige, Zynos | 2024-11-20 | 5.0 MEDIUM | N/A |
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. | |||||
CVE-2004-0670 | 1 Zyxel | 1 Prestige | 2024-11-20 | 5.0 MEDIUM | N/A |
Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password. | |||||
CVE-2002-1072 | 1 Zyxel | 1 Prestige | 2024-11-20 | 5.0 MEDIUM | N/A |
ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet. | |||||
CVE-2002-1071 | 1 Zyxel | 1 Prestige | 2024-11-20 | 5.0 MEDIUM | N/A |
ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set. | |||||
CVE-2002-0438 | 1 Zyxel | 1 Zywall10 | 2024-11-20 | 5.0 MEDIUM | N/A |
ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface. | |||||
CVE-2001-1194 | 1 Zyxel | 2 Prestige 1600, Prestige 681 | 2024-11-20 | 5.0 MEDIUM | N/A |
Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly. | |||||
CVE-2001-1135 | 1 Zyxel | 1 Prestige | 2024-11-20 | 7.5 HIGH | N/A |
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. | |||||
CVE-2024-8881 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2024-11-14 | N/A | 6.8 MEDIUM |
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request. | |||||
CVE-2024-8882 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2024-11-14 | N/A | 4.5 MEDIUM |
A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL. | |||||
CVE-2024-38267 | 1 Zyxel | 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more | 2024-09-30 | N/A | 4.9 MEDIUM |
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | |||||
CVE-2024-38268 | 1 Zyxel | 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more | 2024-09-30 | N/A | 4.9 MEDIUM |
An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | |||||
CVE-2024-38269 | 1 Zyxel | 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more | 2024-09-30 | N/A | 4.9 MEDIUM |
An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | |||||
CVE-2024-38270 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2024-09-18 | N/A | 6.5 MEDIUM |
An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive. | |||||
CVE-2024-7261 | 1 Zyxel | 58 Nwa110ax, Nwa110ax Firmware, Nwa1123-ac Pro and 55 more | 2024-09-13 | N/A | 9.8 CRITICAL |
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. | |||||
CVE-2024-5412 | 1 Zyxel | 100 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 97 more | 2024-09-06 | N/A | 7.5 HIGH |
A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | |||||
CVE-2024-42057 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-09-05 | N/A | 8.1 HIGH |
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists. |