Vulnerabilities > Zyxel > Critical

DATE | CVE | VULNERABILITY TITLE | RISK
2018-11-27 | CVE-2018-14893 | Command Injection vulnerability in Zyxel NSA325 V2 Firmware 4.81
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.
network | low complexity | zyxel | CWE-77 | critical | 9.0

2018-02-21 | CVE-2018-1164 | Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel P-870H-51 Firmware 1.00(AWG.3)D5
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5.
network | low complexity | zyxel | CWE-732 | critical | 10.0

2017-07-25 | CVE-2016-10401 | Credentials Management vulnerability in Zyxel PK5001Z Firmware
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
network | low complexity | zyxel | CWE-255 | critical | 9.0

2017-06-20 | CVE-2017-3216 | Missing Authentication for Critical Function vulnerability in multiple products
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
network | low complexity | greenpacket huawei mada zte zyxel | CWE-306 | critical | 10.0

2017-04-19 | CVE-2017-7964 | Insecure Default Initialization of Resource vulnerability in Zyxel WRE6505 Firmware
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.
network | low complexity | zyxel | CWE-1188 | critical | 10.0

2017-04-06 | CVE-2017-6884 | OS Command Injection vulnerability in Zyxel EMG2926 Firmware V1.00(AAQT.4)b8
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8.
network | low complexity | zyxel | CWE-78 | critical | 9.0

2015-12-31 | CVE-2015-7283 | Credentials Management vulnerability in Zyxel NBG-418N Firmware 1.00(AADZ.3)C0
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
network | zyxel | CWE-255 | critical | 9.3

2015-12-31 | CVE-2015-6018 | Permissions, Privileges, and Access Controls vulnerability in Zyxel PMG5318-B20A Firmware V100Aanc0B5
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
network | low complexity | zyxel | CWE-264 | critical | 10.0

2015-12-31 | CVE-2015-6016 | Credentials Management vulnerability in Zyxel NBG-418N, PMG5318-B20A Firmware and ZyNOS Firmware
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors.
network | low complexity | zyxel | CWE-255 | critical | 10.0

2009-09-10 | CVE-2007-6730 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-330W Router
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.
network | zyxel | CWE-352 | critical | 9.3