Vulnerabilities > Zyxel > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-06 | CVE-2020-13364 | Unspecified vulnerability in Zyxel products A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. | 9.0 |
| 2020-06-26 | CVE-2020-15348 | Injection vulnerability in Zyxel Cloud CNM Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | 10.0 |
| 2020-03-04 | CVE-2020-9054 | OS Command Injection vulnerability in Zyxel products Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. | 10.0 |
| 2019-11-14 | CVE-2019-15800 | OS Command Injection vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 10.0 |
| 2019-11-14 | CVE-2019-15799 | Improper Privilege Management vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 9.0 |
| 2019-05-31 | CVE-2019-6725 | Use of Hard-coded Credentials vulnerability in Zyxel P-660Hn-T1 Firmware 2.00(Aakk.3) The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. | 10.0 |
| 2019-05-02 | CVE-2017-18374 | Use of Hard-coded Credentials vulnerability in multiple products The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. | 9.0 |
| 2019-05-02 | CVE-2017-18372 | OS Command Injection vulnerability in multiple products The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. | 9.0 |
| 2019-05-02 | CVE-2017-18370 | OS Command Injection vulnerability in multiple products The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. | 9.0 |
| 2019-05-02 | CVE-2017-18368 | OS Command Injection vulnerability in multiple products The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. | 10.0 |