Vulnerabilities > Zyxel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-30 | CVE-2023-27988 | OS Command Injection vulnerability in Zyxel Nas326 Firmware, Nas540 Firmware and Nas542 Firmware The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely. | 7.2 |
| 2023-05-24 | CVE-2023-33010 | Classic Buffer Overflow vulnerability in Zyxel products A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | 9.8 |
| 2023-05-01 | CVE-2023-22919 | OS Command Injection vulnerability in Zyxel Nbg6604 Firmware 1.01(Abir.0)C0 The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | 8.8 |
| 2023-05-01 | CVE-2023-22921 | Cross-site Scripting vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0 A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | 7.5 |
| 2023-05-01 | CVE-2023-22922 | Classic Buffer Overflow vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0 A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device. | 7.5 |
| 2023-05-01 | CVE-2023-22923 | Use of Externally-Controlled Format String vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0 A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device. | 6.5 |
| 2023-05-01 | CVE-2023-22924 | Classic Buffer Overflow vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0 A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | 4.9 |
| 2023-04-27 | CVE-2023-28769 | Classic Buffer Overflow vulnerability in Zyxel Dx5401-B0 Firmware The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | 9.8 |
| 2023-04-27 | CVE-2023-28770 | Unspecified vulnerability in Zyxel Dx5401-B0 Firmware The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | 7.5 |
| 2023-04-24 | CVE-2023-22918 | Unspecified vulnerability in Zyxel products A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. | 6.5 |