Vulnerabilities > Zyxel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2019-7391 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel products ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | 8.8 |
| 2019-03-07 | CVE-2019-6710 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg-418N Firmware 1.00(Aaxm.6)C0 Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | 8.8 |
| 2018-11-27 | CVE-2018-14893 | Command Injection vulnerability in Zyxel Nsa325 V2 Firmware 4.81 A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | 8.8 |
| 2018-11-27 | CVE-2018-14892 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nsa325 V2 Firmware 4.81 Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. | 8.8 |
| 2018-11-17 | CVE-2018-19326 | Path Traversal vulnerability in Zyxel Vmg1312-B10D Firmware Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | 7.5 |
| 2018-11-10 | CVE-2017-17550 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Zywall USG 100 Firmware 2.12(Aqq.2)/3.30(Aqq.7) ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. | 8.8 |
| 2018-10-29 | CVE-2018-18754 | Insufficiently Protected Credentials vulnerability in Zyxel Vmg3312-B10B Firmware 1.00(Aapp.7) ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | 9.8 |
| 2018-08-26 | CVE-2018-15602 | Cross-site Scripting vulnerability in Zyxel Vmg3312 B10B Firmware Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. | 6.1 |
| 2018-08-15 | CVE-2018-9129 | Unspecified vulnerability in Zyxel products ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. | 5.9 |
| 2018-04-01 | CVE-2018-9149 | Use of Hard-coded Credentials vulnerability in Zyxel Ac3000 Firmware The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. | 6.8 |