Vulnerabilities > Zyxel

DATE CVE VULNERABILITY TITLE RISK
2018-08-15 CVE-2018-9129 Unspecified vulnerability in Zyxel products
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections.
network
high complexity
zyxel
5.9
2018-04-01 CVE-2018-9149 Use of Hard-coded Credentials vulnerability in Zyxel Ac3000 Firmware
The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART.
low complexity
zyxel CWE-798
6.8
2018-02-21 CVE-2018-1164 Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel P-870H-51 Firmware 1.00(Awg.3)D5
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5.
network
low complexity
zyxel CWE-732
critical
9.8
2018-01-16 CVE-2018-5330 Unspecified vulnerability in Zyxel P-660Hw V3 Firmware
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.
network
low complexity
zyxel
7.5
2017-12-29 CVE-2017-17901 Resource Exhaustion vulnerability in Zyxel P-660Hw Firmware
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
network
low complexity
zyxel CWE-400
7.5
2017-10-10 CVE-2017-15226 OS Command Injection vulnerability in Zyxel Nbg6716 Firmware 1.00(Aakg.9)C0
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.
network
low complexity
zyxel CWE-78
critical
9.8
2017-09-28 CVE-2015-7256 Cryptographic Issues vulnerability in Zyxel products
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.
network
high complexity
zyxel CWE-310
5.9
2017-07-25 CVE-2016-10401 Credentials Management vulnerability in Zyxel Pk5001Z Firmware
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
network
low complexity
zyxel CWE-255
8.8
2017-06-20 CVE-2017-3216 Missing Authentication for Critical Function vulnerability in multiple products
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
network
low complexity
greenpacket huawei mada zte zyxel CWE-306
critical
9.8
2017-04-19 CVE-2017-7964 Insecure Default Initialization of Resource vulnerability in Zyxel Wre6505 Firmware V1.00(Aaqb.3)C0
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
network
low complexity
zyxel CWE-1188
critical
10.0