Vulnerabilities > Zyxel

DATE CVE VULNERABILITY TITLE RISK
2020-12-27 CVE-2020-29299 Command Injection vulnerability in Zyxel products
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action.
network
low complexity
zyxel CWE-77
critical
9.0
2020-12-22 CVE-2020-29583 Cleartext Storage of Sensitive Information vulnerability in Zyxel products
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.
network
low complexity
zyxel CWE-312
critical
10.0
2020-12-14 CVE-2020-20183 Missing Authorization vulnerability in Zyxel P1302-T10 V3 Firmware 2.00
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.
network
low complexity
zyxel CWE-862
5.0
2020-11-27 CVE-2020-25014 Out-of-Bounds Write vulnerability in Zyxel Access Points Firmware and ZLD Firmware
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series gateways running firmware versions V4.30 through V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted HTTP packet.
network
low complexity
zyxel CWE-787
7.5
2020-09-02 CVE-2020-24355 Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel VMG5313-B30B Firmware
Zyxel VMG5313-B30B routers on firmware 5.13(ABCJ.6)b3_1127, and possibly older firmware versions, are affected by insecure permissions that allow regular and other users to create new users with elevated privileges.
network
low complexity
zyxel CWE-732
critical
10.0
2020-08-31 CVE-2020-24354 Code Injection vulnerability in Zyxel VMG5313-B30B Firmware
Zyxel VMG5313-B30B routers on firmware 5.13(ABCJ.6)b3_1127, and possibly older firmware versions, are affected by shell injection.
network
low complexity
zyxel CWE-94
6.5
2020-06-29 CVE-2020-15324 Use of Hard-Coded Credentials vulnerability in Zyxel CloudCNM SecuManager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
network
low complexity
zyxel CWE-798
7.5
2020-06-29 CVE-2020-15323 Use of Hard-Coded Credentials vulnerability in Zyxel CloudCNM SecuManager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the default password cloud1234 for the a1@chopin account.
network
low complexity
zyxel CWE-798
7.5
2020-06-29 CVE-2020-15322 Use of Hard-Coded Credentials vulnerability in Zyxel CloudCNM SecuManager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
network
low complexity
zyxel CWE-798
7.5
2020-06-29 CVE-2020-15321 Use of Hard-Coded Credentials vulnerability in Zyxel CloudCNM SecuManager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
network
low complexity
zyxel CWE-798
7.5