Vulnerabilities > Zyxel
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-09 | CVE-2019-10631 | OS Command Injection vulnerability in Zyxel Nas326 Firmware 5.21 Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. | 8.8 |
2019-04-09 | CVE-2019-10630 | Insufficiently Protected Credentials vulnerability in Zyxel Nas326 Firmware 5.21 A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | 8.8 |
2019-03-21 | CVE-2019-7391 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel products ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | 8.8 |
2019-03-07 | CVE-2019-6710 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg-418N Firmware 1.00(Aaxm.6)C0 Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | 8.8 |
2018-11-27 | CVE-2018-14893 | Command Injection vulnerability in Zyxel Nsa325 V2 Firmware 4.81 A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | 8.8 |
2018-11-27 | CVE-2018-14892 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nsa325 V2 Firmware 4.81 Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. | 8.8 |
2018-11-17 | CVE-2018-19326 | Path Traversal vulnerability in Zyxel Vmg1312-B10D Firmware Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | 7.5 |
2018-11-10 | CVE-2017-17550 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Zywall USG 100 Firmware 2.12(Aqq.2)/3.30(Aqq.7) ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. | 8.8 |
2018-10-29 | CVE-2018-18754 | Insufficiently Protected Credentials vulnerability in Zyxel Vmg3312-B10B Firmware 1.00(Aapp.7) ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | 9.8 |
2018-08-26 | CVE-2018-15602 | Cross-site Scripting vulnerability in Zyxel Vmg3312 B10B Firmware Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. | 6.1 |