zyxel vulnerabilities and exploits
7.2
CVSSv3
CVE-2020-29299
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 ...
Zyxel Vpn Orchestrator
Zyxel Zld
Zyxel Nsg Firmware
Zyxel Nsg Firmware 1.33
Zyxel Usg Flex Firmware -
8.8
CVSSv3
CVE-2020-13364
A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)...
Zyxel Nas326 Firmware
Zyxel Nas520 Firmware
Zyxel Nas540 Firmware
Zyxel Nas542 Firmware
1 Github repository
8.8
CVSSv3
CVE-2020-13365
Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; N...
Zyxel Nas326 Firmware
Zyxel Nas520 Firmware
Zyxel Nas540 Firmware
Zyxel Nas542 Firmware
1 Github repository
NA
CVE-2004-1540
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, do not require a password to access rpFWUpload.html, which allows remote malicious users to reset the router configuration file.
Zyxel Prestige 645r A1
Zyxel Prestige 650h
Zyxel Prestige 650hw
Zyxel Prestige 650hw 31
Zyxel Prestige 650r
Zyxel Zynos 3.40
Zyxel Zynos Is.3
Zyxel Zynos Is.5
1 EDB exploit
NA
CVE-2002-0438
ZyXEL ZyWALL 10 prior to 3.50 allows remote malicious users to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface.
Zyxel Zywall10 3.24 Wa0
Zyxel Zywall10 3.20 Wa0
Zyxel Zywall10 3.24 Wa2
Zyxel Zywall10 3.24 Wa1
Zyxel Zywall10 3.20 Wa1
Zyxel Zywall10 3.50 Wa1
9.8
CVSSv3
CVE-2020-25014
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated malicious users to execute arbitrary code via a crafted HTTP packet.
Zyxel Zld Firmware
Zyxel Access Points Firmware
Zyxel Access Points Firmware 6.10
Zyxel Access Points Firmware -
7.5
CVSSv3
CVE-2008-1526
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) up to and including 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for malicious users to crack passwords.
Zyxel P-663hn-51 Firmware
Zyxel P-663hn-51 Firmware 3.40(pe9)
Zyxel P-660h-61 Firmware
Zyxel P-660h-61 Firmware 3.40(pe9)
Zyxel P-660h-63 Firmware
Zyxel P-660h-63 Firmware 3.40(pe9)
Zyxel P-660h-67 Firmware
Zyxel P-660h-67 Firmware 3.40(pe9)
Zyxel P-660h-d1 Firmware
Zyxel P-660h-d1 Firmware 3.40(pe9)
Zyxel P-660h-d3 Firmware
Zyxel P-660h-d3 Firmware 3.40(pe9)
Zyxel P-660hn-51 Firmware
Zyxel P-660hn-51 Firmware 3.40(pe9)
Zyxel P-660h-t1 Firmware
Zyxel P-660h-t1 Firmware 3.40(pe9)
Zyxel P-660hw D1 Firmware
Zyxel P-660hw D1 Firmware 3.40(pe9)
Zyxel P-660hw D3 Firmware
Zyxel P-660hw D3 Firmware 3.40(pe9)
Zyxel P-660hw T3 Firmware
Zyxel P-660hw T3 Firmware 3.40(pe9)
6.5
CVSSv3
CVE-2023-27989
A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated malicious user to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
Zyxel Lte7480-m804 Firmware
Zyxel Lte7490-m904 Firmware
Zyxel Nr7101 Firmware
Zyxel Nebula Nr7101 Firmware
NA
CVE-2013-3588
The web management interface on Zyxel P660 devices allows remote malicious users to cause a denial of service (reboot) via a flood of TCP SYN packets.
Zyxel P-660h-63 -
Zyxel P-660h-t1 -
Zyxel P-660h-d3 -
Zyxel P-660h-t1 V2
Zyxel P-660h-67 -
Zyxel P-660hw D1 V2
Zyxel P-660hw T1
Zyxel P-660h-61 -
Zyxel P-660hw T3 V2
Zyxel P-660hw T3 -
Zyxel P-660hw D3 -
Zyxel P-660h-t3 V2
Zyxel P-660h-d1 -
Zyxel P-660hw D1 -
7.2
CVSSv3
CVE-2023-27988
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.
Zyxel Nas326 Firmware
Zyxel Nas540 Firmware
Zyxel Nas542 Firmware