Filtered by vendor Zyxel
Subscriptions
Total
303 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27991 | 1 Zyxel | 38 Atp100, Atp100 Firmware, Atp100w and 35 more | 2025-02-04 | 8.8 High |
| The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely. | ||||
| CVE-2023-33009 | 1 Zyxel | 46 Atp100, Atp100 Firmware, Atp100w and 43 more | 2025-02-04 | 9.8 Critical |
| A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | ||||
| CVE-2023-28770 | 1 Zyxel | 2 Dx5401-b0, Dx5401-b0 Firmware | 2025-01-31 | 7.5 High |
| The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | ||||
| CVE-2023-28769 | 1 Zyxel | 2 Dx5401-b0, Dx5401-b0 Firmware | 2025-01-31 | 9.8 Critical |
| The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | ||||
| CVE-2023-22919 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2025-01-30 | 8.8 High |
| The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | ||||
| CVE-2023-22921 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2025-01-30 | 7.5 High |
| A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | ||||
| CVE-2023-22922 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2025-01-30 | 7.5 High |
| A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device. | ||||
| CVE-2023-22923 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2025-01-30 | 6.5 Medium |
| A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device. | ||||
| CVE-2023-22924 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2025-01-30 | 4.9 Medium |
| A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | ||||
| CVE-2024-0816 | 1 Zyxel | 130 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 127 more | 2025-01-22 | 5.5 Medium |
| The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device. | ||||
| CVE-2023-37929 | 1 Zyxel | 64 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 61 more | 2025-01-22 | 6.5 Medium |
| The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. | ||||
| CVE-2024-29976 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 6.5 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device. | ||||
| CVE-2024-29975 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 6.7 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device. | ||||
| CVE-2024-29974 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device. | ||||
| CVE-2024-29973 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | ||||
| CVE-2024-29972 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | ||||
| CVE-2024-1575 | 1 Zyxel | 40 Nwa110ax, Nwa110ax Firmware, Nwa1123acv3 and 37 more | 2025-01-22 | 6.5 Medium |
| The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. | ||||
| CVE-2024-6342 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 9.8 Critical |
| **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | ||||
| CVE-2024-8234 | 1 Zyxel | 3 Nwa1100-n Firmware, Nwaw1100-n, Nwaw1100-n Firmware | 2025-01-22 | 7.5 High |
| ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device. | ||||
| CVE-2024-38266 | 1 Zyxel | 84 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 81 more | 2025-01-22 | 4.9 Medium |
| An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. | ||||