Vulnerabilities > Zyxel > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-09-02 CVE-2020-24355 Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel Vmg5313-B30B Firmware 5.11(Abcu.1)C0/5.13(Abcj.6)B31127
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges.
network
low complexity
zyxel CWE-732
critical
 9.8
9.8
2020-06-29 CVE-2020-15324 Use of Hard-coded Credentials vulnerability in Zyxel Cloud CNM Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15323 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15322 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15321 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-29 CVE-2020-15320 Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.
network
low complexity
zyxel CWE-798
critical
 9.8
9.8
2020-06-26 CVE-2020-15348 Code Injection vulnerability in Zyxel Cloud CNM Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
network
low complexity
zyxel CWE-94
critical
 9.8
9.8
2020-03-04 CVE-2020-9054 OS Command Injection vulnerability in Zyxel products
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.
network
low complexity
zyxel CWE-78
critical
 9.8
9.8
2019-11-14 CVE-2019-15803 Improper Authentication vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-287
critical
 9.1
9.1
2019-11-14 CVE-2019-15800 OS Command Injection vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-78
critical
 9.8
9.8