Vulnerabilities > Zyxel

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-04-09 | CVE-2019-10631 | OS Command Injection vulnerability in Zyxel Nas326 Firmware 5.21 | Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. | network | low complexity | zyxel | CWE-78 | 8.8 |
| 2019-04-09 | CVE-2019-10630 | Insufficiently Protected Credentials vulnerability in Zyxel Nas326 Firmware 5.21 | A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | network | low complexity | zyxel | CWE-522 | 8.8 |
| 2019-03-21 | CVE-2019-7391 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel products | ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | network | low complexity | zyxel | CWE-352 | 8.8 |
| 2019-03-07 | CVE-2019-6710 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg-418N Firmware 1.00(Aaxm.6)C0 | Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | network | low complexity | zyxel | CWE-352 | 8.8 |
| 2018-11-27 | CVE-2018-14893 | Command Injection vulnerability in Zyxel Nsa325 V2 Firmware 4.81 | A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | network | low complexity | zyxel | CWE-77 | 8.8 |
| 2018-11-27 | CVE-2018-14892 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nsa325 V2 Firmware 4.81 | Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. | network | low complexity | zyxel | CWE-352 | 8.8 |
| 2018-11-17 | CVE-2018-19326 | Path Traversal vulnerability in Zyxel Vmg1312-B10D Firmware | Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | network | low complexity | zyxel | CWE-22 | 7.5 |
| 2018-11-10 | CVE-2017-17550 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Zywall USG 100 Firmware 2.12(Aqq.2)/3.30(Aqq.7) | ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. | network | low complexity | zyxel | CWE-352 | 8.8 |
| 2018-10-29 | CVE-2018-18754 | Insufficiently Protected Credentials vulnerability in Zyxel Vmg3312-B10B Firmware 1.00(Aapp.7) | ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | network | low complexity | zyxel | CWE-522 | 9.8 (critical) |
| 2018-08-26 | CVE-2018-15602 | Cross-site Scripting vulnerability in Zyxel Vmg3312 B10B Firmware | Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. | network | low complexity | zyxel | CWE-79 | 6.1 |