Vulnerabilities > Zyxel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-01 | CVE-2023-22921 | Cross-site Scripting vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0 A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | 7.5 |
| 2023-05-01 | CVE-2023-22922 | Classic Buffer Overflow vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0 A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device. | 7.5 |
| 2023-05-01 | CVE-2023-22923 | Use of Externally-Controlled Format String vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0 A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device. | 6.5 |
| 2023-05-01 | CVE-2023-22924 | Classic Buffer Overflow vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0/1.00(Aarp.13)C0 A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | 4.9 |
| 2023-04-27 | CVE-2023-28769 | Classic Buffer Overflow vulnerability in Zyxel Dx5401-B0 Firmware The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | 9.8 |
| 2023-04-27 | CVE-2023-28770 | Unspecified vulnerability in Zyxel Dx5401-B0 Firmware The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | 7.5 |
| 2023-04-25 | CVE-2023-28771 | OS Command Injection vulnerability in Zyxel products Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device. | 9.8 |
| 2023-04-24 | CVE-2023-22918 | Unspecified vulnerability in Zyxel products A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. | 6.5 |
| 2023-04-24 | CVE-2023-27990 | Cross-site Scripting vulnerability in Zyxel products The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. | 4.8 |
| 2023-04-24 | CVE-2023-27991 | OS Command Injection vulnerability in Zyxel products The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely. | 8.8 |