Vulnerabilities > Zyxel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-04 | CVE-2020-9054 | OS Command Injection vulnerability in Zyxel products Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. | 9.8 |
| 2019-11-14 | CVE-2019-15804 | Unspecified vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 7.5 |
| 2019-11-14 | CVE-2019-15803 | Improper Authentication vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 9.1 |
| 2019-11-14 | CVE-2019-15802 | Use of Hard-coded Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 5.9 |
| 2019-11-14 | CVE-2019-15801 | Use of Hard-coded Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 7.5 |
| 2019-11-14 | CVE-2019-15800 | OS Command Injection vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 9.8 |
| 2019-11-14 | CVE-2019-15799 | Improper Privilege Management vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 8.8 |
| 2019-11-12 | CVE-2019-15815 | Authorization Bypass Through User-Controlled Key vulnerability in Zyxel 2.00(Abbx.3) ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | 6.5 |
| 2019-10-09 | CVE-2019-17354 | Missing Authentication for Critical Function vulnerability in Zyxel Nbg-418N V2 Firmware 1.00(Aarp.9)C0 wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page. | 9.4 |
| 2019-06-27 | CVE-2019-12581 | Cross-site Scripting vulnerability in Zyxel products A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter. | 6.1 |