Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 up to and including 4.73, VPN series firmware versions 4.60 up to and including 5.35, USG FLEX series firmware versions 4.60 up to and including 5.35, and ATP series firmware versions 4.60 up to and including 5.35, which could allow an unauthenticated malicious user to execute some OS commands remotely by sending crafted packets to an affected device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zyxel atp100_firmware |
||
zyxel atp100w_firmware |
||
zyxel atp200_firmware |
||
zyxel atp500_firmware |
||
zyxel atp700_firmware |
||
zyxel atp800_firmware |
||
zyxel usg_flex_100_firmware |
||
zyxel usg_flex_100w_firmware |
||
zyxel usg_flex_200_firmware |
||
zyxel usg_flex_50_firmware |
||
zyxel usg_flex_500_firmware |
||
zyxel usg_flex_50w_firmware |
||
zyxel usg_flex_700_firmware |
||
zyxel vpn100_firmware |
||
zyxel vpn1000_firmware |
||
zyxel vpn300_firmware |
||
zyxel vpn50_firmware |
||
zyxel zywall_usg_310_firmware |
||
zyxel zywall_usg_310_firmware 4.73 |
||
zyxel zywall_usg_100_firmware |
||
zyxel zywall_usg_100_firmware 4.73 |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record
Danish critical infrastructure faced the biggest online attack in the country's history in May, according to SektorCERT, Denmark's specialist organization for the cybersecurity of critical kit. Detailing the attack waves in a report, it revealed that 22 companies were breached in just a few days with some were forced to enter island mode operation, where they had to disconnect from the internet. In almost all cases unpatched vulnerabilities in Zyxel firewalls meant compromise was possible, and i...