Vulnerabilities > Zyxel

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2019-15804 Unspecified vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel
7.5
2019-11-14 CVE-2019-15803 Improper Authentication vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-287
critical
9.1
2019-11-14 CVE-2019-15802 Use of Hard-coded Credentials vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
high complexity
zyxel CWE-798
5.9
2019-11-14 CVE-2019-15801 Use of Hard-coded Credentials vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-798
7.5
2019-11-14 CVE-2019-15800 OS Command Injection vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-78
critical
9.8
2019-11-14 CVE-2019-15799 Improper Privilege Management vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-269
8.8
2019-11-12 CVE-2019-15815 Authorization Bypass Through User-Controlled Key vulnerability in Zyxel 2.00(Abbx.3)
ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges.
network
low complexity
zyxel CWE-639
6.5
2019-10-09 CVE-2019-17354 Missing Authentication for Critical Function vulnerability in Zyxel Nbg-418N V2 Firmware 1.00(Aarp.9)C0
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.
network
low complexity
zyxel CWE-306
critical
9.4
2019-06-27 CVE-2019-12581 Cross-site Scripting vulnerability in Zyxel products
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
network
low complexity
zyxel CWE-79
6.1
2019-06-27 CVE-2019-12583 Forced Browsing vulnerability in Zyxel products
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator.
network
low complexity
zyxel CWE-425
critical
9.1