Vulnerabilities > Zyxel

DATE CVE VULNERABILITY TITLE RISK
2018-02-21 CVE-2018-1164 Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel P-870H-51 Firmware 1.00(Awg.3)D5
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5.
network
low complexity
zyxel CWE-732
critical
9.8
2018-01-16 CVE-2018-5330 Unspecified vulnerability in Zyxel P-660Hw V3 Firmware
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.
network
low complexity
zyxel
7.5
2017-12-29 CVE-2017-17901 Resource Exhaustion vulnerability in Zyxel P-660Hw Firmware
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
network
low complexity
zyxel CWE-400
7.5
2017-10-10 CVE-2017-15226 OS Command Injection vulnerability in Zyxel Nbg6716 Firmware 1.00(Aakg.9)C0
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.
network
low complexity
zyxel CWE-78
critical
9.8
2017-09-28 CVE-2015-7256 Cryptographic Issues vulnerability in Zyxel products
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.
network
high complexity
zyxel CWE-310
5.9
2017-07-25 CVE-2016-10401 Credentials Management vulnerability in Zyxel Pk5001Z Firmware
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
network
low complexity
zyxel CWE-255
8.8
2017-06-20 CVE-2017-3216 Missing Authentication for Critical Function vulnerability in multiple products
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
network
low complexity
greenpacket huawei mada zte zyxel CWE-306
critical
9.8
2017-04-19 CVE-2017-7964 Insecure Default Initialization of Resource vulnerability in Zyxel Wre6505 Firmware V1.00(Aaqb.3)C0
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
network
low complexity
zyxel CWE-1188
critical
10.0
2017-04-06 CVE-2017-6884 OS Command Injection vulnerability in Zyxel Emg2926 Firmware V1.00(Aaqt.4)B8
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8.
network
low complexity
zyxel CWE-78
8.8
2017-02-21 CVE-2016-10227 Resource Management Errors vulnerability in Zyxel Nwa3560-N Firmware and Usg50 Firmware
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets.
network
low complexity
zyxel CWE-399
7.5