Vulnerabilities > Zyxel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-31 | CVE-2015-7283 | Credentials Management vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0 The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | 8.1 |
| 2015-12-31 | CVE-2015-6020 | Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5 ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. | 8.0 |
| 2015-12-31 | CVE-2015-6019 | Unspecified vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5 The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | 8.5 |
| 2015-12-31 | CVE-2015-6018 | Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5 The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | 9.8 |
| 2015-12-31 | CVE-2015-6017 | Cross-site Scripting vulnerability in Zyxel P-660Hw-T1 V2 Firmware 3.40(Axh.0) Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. | 6.1 |
| 2015-12-31 | CVE-2015-6016 | Credentials Management vulnerability in Zyxel Nbg-418N, Pmg5318-B20A Firmware and Zynos Firmware ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | 9.8 |
| 2008-03-26 | CVE-2008-1526 | Use of Password Hash With Insufficient Computational Effort vulnerability in Zyxel products ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. | 7.5 |
| 2008-03-25 | CVE-2008-1160 | Use of Hard-coded Credentials vulnerability in Zyxel Zywall 1050 Firmware ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | 9.8 |