Vulnerabilities > Zyxel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-01 | CVE-2018-9149 | Use of Hard-coded Credentials vulnerability in Zyxel Ac3000 Firmware The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. | 7.2 |
| 2018-02-21 | CVE-2018-1164 | Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel P-870H-51 Firmware 1.00(Awg.3)D5 This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. | 10.0 |
| 2018-01-16 | CVE-2018-5330 | Unspecified vulnerability in Zyxel P-660Hw V3 Firmware ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | 7.8 |
| 2017-12-29 | CVE-2017-17901 | Resource Exhaustion vulnerability in Zyxel P-660Hw Firmware ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | 7.8 |
| 2017-10-10 | CVE-2017-15226 | OS Command Injection vulnerability in Zyxel Nbg6716 Firmware 1.00(Aakg.9)C0 Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | 7.5 |
| 2017-09-28 | CVE-2015-7256 | Cryptographic Issues vulnerability in Zyxel products ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. | 4.3 |
| 2017-07-25 | CVE-2016-10401 | Credentials Management vulnerability in Zyxel Pk5001Z Firmware ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | 9.0 |
| 2017-06-20 | CVE-2017-3216 | Missing Authentication for Critical Function vulnerability in multiple products WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | 10.0 |
| 2017-04-19 | CVE-2017-7964 | Insecure Default Initialization of Resource vulnerability in Zyxel Wre6505 Firmware Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. | 10.0 |
| 2017-04-06 | CVE-2017-6884 | OS Command Injection vulnerability in Zyxel Emg2926 Firmware V1.00(Aaqt.4)B8 A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. | 9.0 |