Vulnerabilities > Zyxel

DATE CVE VULNERABILITY TITLE RISK
2021-07-02 CVE-2021-35029 Improper Authentication vulnerability in Zyxel products
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
network
low complexity
zyxel CWE-287
7.5
2021-03-16 CVE-2020-28899 Missing Authentication for Critical Function vulnerability in Zyxel products
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router.
network
low complexity
zyxel CWE-306
6.4
2021-01-26 CVE-2021-3297 Improper Authentication vulnerability in Zyxel Nbg2105 Firmware V1.00(Aagu.2)C0
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
local
low complexity
zyxel CWE-287
7.2
2020-12-27 CVE-2020-29299 Command Injection vulnerability in Zyxel products
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action.
network
low complexity
zyxel CWE-77
critical
9.0
2020-12-22 CVE-2020-29583 Cleartext Storage of Sensitive Information vulnerability in Zyxel products
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.
network
low complexity
zyxel CWE-312
critical
10.0
2020-12-14 CVE-2020-20183 Missing Authorization vulnerability in Zyxel P1302-T10 V3 Firmware 2.00
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.
network
low complexity
zyxel CWE-862
5.0
2020-11-27 CVE-2020-25014 Out-Of-Bounds Write vulnerability in Zyxel Access Points Firmware and ZLD Firmware
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
network
low complexity
zyxel CWE-787
7.5
2020-09-02 CVE-2020-24355 Incorrect Permission Assignment FOR Critical Resource vulnerability in Zyxel Vmg5313-B30B Firmware
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges.
network
low complexity
zyxel CWE-732
critical
10.0
2020-08-31 CVE-2020-24354 Code Injection vulnerability in Zyxel Vmg5313-B30B Firmware 5.11(Abcu.1)C0/5.13(Abcj.6)B31127
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection.
network
low complexity
zyxel CWE-94
6.5
2020-06-29 CVE-2020-15324 USE of Hard-Coded Credentials vulnerability in Zyxel Cloud CNM Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
network
low complexity
zyxel CWE-798
7.5