Vulnerabilities > Zyxel

DATE CVE VULNERABILITY TITLE RISK
2023-02-21 CVE-2023-22920 Unspecified vulnerability in Zyxel LTE3202-M437 Firmware and LTE3316-M604 Firmware
A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes.
network
low complexity
zyxel
critical
9.8
2023-02-07 CVE-2022-38547 OS Command Injection vulnerability in Zyxel products
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.
network
low complexity
zyxel CWE-78
7.2
2023-02-07 CVE-2022-45441 Cross-site Scripting vulnerability in Zyxel NBG-418N Firmware 1.00(AADZ.3)C0/1.00(AARP.10)C0
A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device.
network
low complexity
zyxel CWE-79
6.1
2023-01-17 CVE-2022-45439 Cleartext Storage of Sensitive Information vulnerability in Zyxel AX7501-B0 Firmware 5.17(ABPC.1)C0
A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext.
low complexity
zyxel CWE-312
6.5
2023-01-17 CVE-2022-45440 Link Following vulnerability in Zyxel AX7501-B0 Firmware 5.17(ABPC.1)C0
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media.
local
low complexity
zyxel CWE-59
4.4
2023-01-11 CVE-2022-43389 Classic Buffer Overflow vulnerability in Zyxel products
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
network
low complexity
zyxel CWE-120
critical
9.8
2023-01-11 CVE-2022-43390 OS Command Injection vulnerability in Zyxel products
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
network
low complexity
zyxel CWE-78
8.8
2023-01-11 CVE-2022-43393 Improper Check for Unusual or Exceptional Conditions vulnerability in Zyxel products
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.
network
low complexity
zyxel CWE-754
8.2
2022-12-21 CVE-2022-38546 Unspecified vulnerability in Zyxel NBG7510 Firmware 1.00(ABZY.2)C0
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.
network
low complexity
zyxel
critical
9.8
2022-12-06 CVE-2022-40603 Cross-site Scripting vulnerability in Zyxel products
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload.
network
low complexity
zyxel CWE-79
6.1