Filtered by vendor Zyxel
Subscribe
Total
274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15332 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 9.8 CRITICAL |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | |||||
| CVE-2020-15344 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. | |||||
| CVE-2020-15343 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. | |||||
| CVE-2022-2030 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device. | |||||
| CVE-2022-34746 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2024-02-28 | N/A | 5.9 MEDIUM |
| An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface. | |||||
| CVE-2020-15341 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 7.5 HIGH |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. | |||||
| CVE-2020-15338 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. | |||||
| CVE-2020-15327 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 7.5 HIGH |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | |||||
| CVE-2020-15339 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 6.1 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. | |||||
| CVE-2020-15326 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | |||||
| CVE-2020-15331 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 9.8 CRITICAL |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | |||||
| CVE-2020-15345 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. | |||||
| CVE-2020-15337 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. | |||||
| CVE-2020-15328 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | |||||
| CVE-2020-15325 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. | |||||
| CVE-2020-15330 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | |||||
| CVE-2020-15342 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. | |||||
| CVE-2020-15333 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. | |||||
| CVE-2020-15334 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. | |||||
| CVE-2022-34747 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. | |||||