Filtered by vendor Zyxel
Subscriptions
Total
276 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5593 | 1 Zyxel | 1 Secuextender Ssl Vpn | 2024-08-29 | 7.8 High |
| The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message. | ||||
| CVE-2023-5372 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2024-08-23 | 7.2 High |
| The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface. | ||||
| CVE-2001-1194 | 1 Zyxel | 2 Prestige 1600, Prestige 681 | 2024-08-08 | N/A |
| Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly. | ||||
| CVE-2001-1135 | 1 Zyxel | 1 Prestige | 2024-08-08 | N/A |
| ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. | ||||
| CVE-2002-1072 | 1 Zyxel | 1 Prestige | 2024-08-08 | N/A |
| ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet. | ||||
| CVE-2002-1071 | 1 Zyxel | 1 Prestige | 2024-08-08 | N/A |
| ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set. | ||||
| CVE-2002-0438 | 1 Zyxel | 1 Zywall10 | 2024-08-08 | N/A |
| ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface. | ||||
| CVE-2004-1789 | 1 Zyxel | 1 Zywall10 | 2024-08-08 | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. | ||||
| CVE-2004-1684 | 1 Zyxel | 2 Prestige, Zynos | 2024-08-08 | N/A |
| Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2004-1540 | 1 Zyxel | 2 Prestige, Zynos | 2024-08-08 | N/A |
| ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. | ||||
| CVE-2004-0670 | 1 Zyxel | 1 Prestige | 2024-08-08 | N/A |
| Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password. | ||||
| CVE-2005-3725 | 1 Zyxel | 1 Prestige 2000w V.1voip Wi-fi Phone | 2024-08-07 | N/A |
| Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE. | ||||
| CVE-2005-3724 | 1 Zyxel | 2 P2000w Version 1 Voip Wifi Phone, Prestige 2000w V.1voip Wi-fi Phone | 2024-08-07 | N/A |
| Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | ||||
| CVE-2005-1717 | 1 Zyxel | 1 Prestige 650r-31 | 2024-08-07 | N/A |
| ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets. | ||||
| CVE-2005-0328 | 2 Netgear, Zyxel | 3 Rt311, Rt314, Prestige | 2024-08-07 | N/A |
| Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address. | ||||
| CVE-2006-3929 | 1 Zyxel | 1 Prestige 660h-61 | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. | ||||
| CVE-2006-2562 | 1 Zyxel | 1 P-335wt Router | 2024-08-07 | N/A |
| ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2006-0302 | 1 Zyxel | 1 P2000w Version 2 Voip Wifi Phone | 2024-08-07 | N/A |
| ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090. | ||||
| CVE-2007-6730 | 1 Zyxel | 1 P-330w Router | 2024-08-07 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup. | ||||
| CVE-2007-6729 | 1 Zyxel | 1 P-330w Router | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors. | ||||