Filtered by vendor Zyxel Subscriptions
Filtered by product Usg2200-vpn Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-12583 1 Zyxel 28 Uag2100, Uag2100 Firmware, Uag4100 and 25 more 2024-08-04 N/A
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
CVE-2019-12581 1 Zyxel 18 Uag2100, Uag2100 Firmware, Uag4100 and 15 more 2024-08-04 N/A
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
CVE-2019-9955 1 Zyxel 42 Atp200, Atp200 Firmware, Atp500 and 39 more 2024-08-04 N/A
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
CVE-2020-25014 1 Zyxel 52 Access Points Firmware, Nwa110ax, Nwa1123-ac Hd and 49 more 2024-08-04 9.8 Critical
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
CVE-2021-35029 1 Zyxel 74 Usg100, Usg1000, Usg1000 Firmware and 71 more 2024-08-04 9.8 Critical
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.