Vulnerabilities > Zyxel

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2019-15803 Improper Authentication vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-287
6.4
2019-11-14 CVE-2019-15802 Use of Hard-coded Credentials vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
zyxel CWE-798
4.3
2019-11-14 CVE-2019-15801 Insufficiently Protected Credentials vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-522
5.0
2019-11-14 CVE-2019-15800 OS Command Injection vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-78
critical
10.0
2019-11-14 CVE-2019-15799 Improper Privilege Management vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-269
critical
9.0
2019-11-12 CVE-2019-15815 Authorization Bypass Through User-Controlled Key vulnerability in Zyxel 2.00(Abbx.3)
ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges.
network
low complexity
zyxel CWE-639
4.0
2019-10-09 CVE-2019-17354 Missing Authentication for Critical Function vulnerability in Zyxel Nbg-418N V2 Firmware 1.00(Aarp.9)C0
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.
network
low complexity
zyxel CWE-306
7.5
2019-06-27 CVE-2019-12581 Cross-site Scripting vulnerability in Zyxel products
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
network
zyxel CWE-79
4.3
2019-06-27 CVE-2019-12583 Forced Browsing vulnerability in Zyxel products
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator.
network
low complexity
zyxel CWE-425
6.4
2019-05-31 CVE-2019-6725 Use of Hard-coded Credentials vulnerability in Zyxel P-660Hn-T1 Firmware 2.00(Aakk.3)
The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices.
network
low complexity
zyxel CWE-798
critical
10.0