Vulmon
zyxel vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-10631
Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated malicious user to execute arbitrary code via multiple different requests.
Zyxel Nas326 Firmware
8.8
CVSSv3
CVE-2019-10633
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated malicious user to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
Zyxel Nas326 Firmware
8.8
CVSSv3
CVE-2019-7391
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
Zyxel Dsl-491hnu-b10b Firmware -
Zyxel Dsl-491hnu-b1b V2 Firmware -
1 EDB exploit
8.8
CVSSv3
CVE-2019-6710
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
Zyxel Nbg-418n Firmware 1.00(aaxm.6)c0
1 EDB exploit
8.8
CVSSv3
CVE-2018-14892
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow malicious users to perform state-changing actions via crafted HTTP forms.
Zyxel Nsa325 V2 Firmware 4.81
8.8
CVSSv3
CVE-2018-14893
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows malicious users to execute system commands via the web application API.
Zyxel Nsa325 V2 Firmware 4.81
8.8
CVSSv3
CVE-2017-17550
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
Zyxel Zywall Usg 100 Firmware 2.12(aqq.2)
Zyxel Zywall Usg 100 Firmware 3.30(aqq.7)
8.8
CVSSv3
CVE-2016-10401
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote malicious users to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
Zyxel Pk5001z Firmware -
1 EDB exploit
1 Github repository
8.8
CVSSv3
CVE-2017-6884
A command injection vulnerability exists on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the ro...
Zyxel Emg2926 Firmware V1.00(aaqt.4)b8
1 EDB exploit
8.6
CVSSv3
CVE-2020-14461
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
Zyxel Wap6806 Firmware 1.00(abal.6)c0