Vulnerabilities (CVE)

Filtered by vendor Zyxel
Total 277 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35028 1 Zyxel 2 Zywall Vpn2s, Zywall Vpn2s Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.
CVE-2021-35033 1 Zyxel 12 Nbg6818, Nbg6818 Firmware, Nbg7815 and 9 more 2024-02-28 6.9 MEDIUM 7.8 HIGH
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.
CVE-2021-35034 1 Zyxel 2 Nbg6604, Nbg6604 Firmware 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.
CVE-2021-35027 1 Zyxel 2 Zywall Vpn2s, Zywall Vpn2s Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.
CVE-2021-35035 1 Zyxel 2 Nbg6604, Nbg6604 Firmware 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
CVE-2021-35032 1 Zyxel 24 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 21 more 2024-02-28 7.2 HIGH 7.8 HIGH
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
CVE-2021-35029 1 Zyxel 74 Usg100, Usg1000, Usg1000 Firmware and 71 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01 could allow a remote attacker to execute arbitrary commands on an affected device.
CVE-2021-35030 1 Zyxel 24 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 21 more 2024-02-28 2.3 LOW 4.3 MEDIUM
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60 that did not properly sanitize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
CVE-2020-20183 1 Zyxel 2 P1302-t10 V3, P1302-t10 V3 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.
CVE-2021-3297 1 Zyxel 2 Nbg2105, Nbg2105 Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
CVE-2020-28899 1 Zyxel 6 Lte4506-m606, Lte4506-m606 Firmware, Lte7460-m608 and 3 more 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.
CVE-2020-29299 1 Zyxel 7 Atp, Nsg, Nsg Firmware and 4 more 2024-02-28 9.0 HIGH 7.2 HIGH
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.
CVE-2020-25014 1 Zyxel 52 Access Points Firmware, Nwa110ax, Nwa1123-ac Hd and 49 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted HTTP packet.
CVE-2020-15317 1 Zyxel 1 Cloudcnm Secumanager 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.
CVE-2020-15321 1 Zyxel 1 Cloudcnm Secumanager 2024-02-28 7.5 HIGH 9.8 CRITICAL
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
CVE-2020-15322 1 Zyxel 1 Cloudcnm Secumanager 2024-02-28 7.5 HIGH 9.8 CRITICAL
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
CVE-2020-15348 1 Zyxel 1 Cloud Cnm Secumanager 2024-02-28 10.0 HIGH 9.8 CRITICAL
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
CVE-2020-15316 1 Zyxel 1 Cloudcnm Secumanager 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.
CVE-2020-13365 1 Zyxel 8 Nas326, Nas326 Firmware, Nas520 and 5 more 2024-02-28 9.0 HIGH 8.8 HIGH
Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.
CVE-2020-15315 1 Zyxel 1 Cloudcnm Secumanager 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.