Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 up to and including 4.73, VPN series firmware versions 4.60 up to and including 5.35, USG FLEX series firmware versions 4.60 up to and including 5.35, and ATP series firmware versions 4.60 up to and including 5.35, which could allow an unauthenticated malicious user to execute some OS commands remotely by sending crafted packets to an affected device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zyxel atp100 firmware |
||
zyxel atp100w firmware |
||
zyxel atp200 firmware |
||
zyxel atp500 firmware |
||
zyxel atp700 firmware |
||
zyxel atp800 firmware |
||
zyxel usg flex 100 firmware |
||
zyxel usg flex 100w firmware |
||
zyxel usg flex 200 firmware |
||
zyxel usg flex 50 firmware |
||
zyxel usg flex 500 firmware |
||
zyxel usg flex 50w firmware |
||
zyxel usg flex 700 firmware |
||
zyxel vpn100 firmware |
||
zyxel vpn1000 firmware |
||
zyxel vpn300 firmware |
||
zyxel vpn50 firmware |
||
zyxel zywall usg 310 firmware |
||
zyxel zywall usg 310 firmware 4.73 |
||
zyxel zywall usg 100 firmware |
||
zyxel zywall usg 100 firmware 4.73 |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record
Danish critical infrastructure faced the biggest online attack in the country's history in May, according to SektorCERT, Denmark's specialist organization for the cybersecurity of critical kit. Detailing the attack waves in a report, it revealed that 22 companies were breached in just a few days with some were forced to enter island mode operation, where they had to disconnect from the internet. In almost all cases unpatched vulnerabilities in Zyxel firewalls meant compromise was possible, and i...