Vulmon
zyxel vulnerabilities and exploits
6.8
CVSSv2
CVE-2018-14892
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow malicious users to perform state-changing actions via crafted HTTP forms.
Zyxel Nsa325 V2 Firmware 4.81
6.8
CVSSv2
CVE-2017-17550
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
Zyxel Zywall Usg 100 Firmware 2.12(aqq.2)
Zyxel Zywall Usg 100 Firmware 3.30(aqq.7)
6.8
CVSSv2
CVE-2015-7284
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote malicious users to hijack the authentication of arbitrary users.
Zyxel Nbg-418n Firmware 1.00(aadz.3)c0
Zyxel Nbg-418n
6.8
CVSSv2
CVE-2014-4162
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote malicious users to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.
Zyxel P-660hw T1
1 EDB exploit
6.8
CVSSv2
CVE-2008-1254
Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote malicious users to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors.
Zyxel P-660hw
6.5
CVSSv2
CVE-2020-24354
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware, are affected by shell injection.
Zyxel Vmg5313-b30b Firmware
6.5
CVSSv2
CVE-2019-10631
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated malicious user to execute arbitrary code via multiple different requests.
Zyxel Nas326 Firmware
6.5
CVSSv2
CVE-2019-10633
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated malicious user to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
Zyxel Nas326 Firmware
6.5
CVSSv2
CVE-2008-1521
ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) up to and including 3.40(AHQ.3), allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html.
Zyxel Zynos 3.40
Zyxel Prestige 660 H-d1
Zyxel Prestige 660 H-d3
Zyxel Prestige 661 Hw-d1
6.4
CVSSv2
CVE-2021-35034
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote malicious user to access the device if the correct token can be intercepted.
Zyxel Nbg6604 Firmware