Vulnerabilities > Zyxel

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-29	CVE-2020-15312	Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. network high complexity zyxel CWE-798	5.9
2020-06-26	CVE-2020-15336	Missing Authentication for Critical Function vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. network low complexity zyxel CWE-306	7.5
2020-06-26	CVE-2020-15335	Missing Authentication for Critical Function vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. network low complexity zyxel CWE-306	7.5
2020-06-26	CVE-2020-15348	Code Injection vulnerability in Zyxel Cloud CNM Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. network low complexity zyxel CWE-94 critical	9.8
2020-06-22	CVE-2020-14461	Path Traversal vulnerability in Zyxel Wap6806 Firmware 1.00(Abal.6)C0 Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. network low complexity zyxel CWE-22	8.6
2020-06-08	CVE-2020-12695	Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. network high complexity ui w1-fi asus broadcom canon cisco dlink dell epson hp huawei nec netgear ruckussecurity tp-link zte zyxel microsoft fedoraproject debian canonical CWE-276	7.5
2020-03-31	CVE-2019-13495	Cross-site Scripting vulnerability in Zyxel Xgs2210-52Hp Firmware 4.50 In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. network low complexity zyxel CWE-79	5.4
2020-03-04	CVE-2020-9054	OS Command Injection vulnerability in Zyxel products Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. network low complexity zyxel CWE-78 critical	9.8
2019-11-14	CVE-2019-15804	Unspecified vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. network low complexity zyxel	7.5
2019-11-14	CVE-2019-15803	Improper Authentication vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. network low complexity zyxel CWE-287 critical	9.1

Vulnerabilities > Zyxel {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Zyxel"}]}

Vulnerabilities > Zyxel