Vulnerabilities > Zyxel
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-29 | CVE-2020-15314 | Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | 5.9 |
2020-06-29 | CVE-2020-15313 | Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | 5.9 |
2020-06-29 | CVE-2020-15312 | Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | 5.9 |
2020-06-26 | CVE-2020-15336 | Missing Authentication for Critical Function vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. | 7.5 |
2020-06-26 | CVE-2020-15335 | Missing Authentication for Critical Function vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. | 7.5 |
2020-06-26 | CVE-2020-15348 | Code Injection vulnerability in Zyxel Cloud CNM Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | 9.8 |
2020-06-22 | CVE-2020-14461 | Path Traversal vulnerability in Zyxel Wap6806 Firmware 1.00(Abal.6)C0 Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. | 8.6 |
2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
2020-03-31 | CVE-2019-13495 | Cross-site Scripting vulnerability in Zyxel Xgs2210-52Hp Firmware 4.50 In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. | 5.4 |
2020-03-04 | CVE-2020-9054 | OS Command Injection vulnerability in Zyxel products Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. | 9.8 |