Vulnerabilities > Zyxel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2019-15802 | Use of Hard-coded Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 5.9 |
| 2019-11-14 | CVE-2019-15801 | Use of Hard-coded Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 7.5 |
| 2019-11-14 | CVE-2019-15800 | OS Command Injection vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 9.8 |
| 2019-11-14 | CVE-2019-15799 | Improper Privilege Management vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 8.8 |
| 2019-11-12 | CVE-2019-15815 | Authorization Bypass Through User-Controlled Key vulnerability in Zyxel 2.00(Abbx.3) ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | 6.5 |
| 2019-10-09 | CVE-2019-17354 | Missing Authentication for Critical Function vulnerability in Zyxel Nbg-418N V2 Firmware 1.00(Aarp.9)C0 wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page. | 9.4 |
| 2019-06-27 | CVE-2019-12581 | Cross-site Scripting vulnerability in Zyxel products A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter. | 6.1 |
| 2019-06-27 | CVE-2019-12583 | Forced Browsing vulnerability in Zyxel products Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. | 9.1 |
| 2019-05-31 | CVE-2019-6725 | Use of Hard-coded Credentials vulnerability in Zyxel P-660Hn-T1 Firmware 2.00(Aakk.3) The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. | 9.8 |
| 2019-05-02 | CVE-2017-18374 | Use of Hard-coded Credentials vulnerability in multiple products The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. | 8.8 |