Vulnerabilities > Zyxel > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-29 | CVE-2018-18754 | Insufficiently Protected Credentials vulnerability in Zyxel Vmg3312-B10B Firmware 1.00(Aapp.7) ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | 9.8 |
| 2018-02-21 | CVE-2018-1164 | Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel P-870H-51 Firmware 1.00(Awg.3)D5 This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. | 9.8 |
| 2017-10-10 | CVE-2017-15226 | OS Command Injection vulnerability in Zyxel Nbg6716 Firmware 1.00(Aakg.9)C0 Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | 9.8 |
| 2017-06-20 | CVE-2017-3216 | Missing Authentication for Critical Function vulnerability in multiple products WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | 9.8 |
| 2017-04-19 | CVE-2017-7964 | Insecure Default Initialization of Resource vulnerability in Zyxel Wre6505 Firmware V1.00(Aaqb.3)C0 Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. | 10.0 |
| 2016-03-03 | CVE-2016-1329 | Improper Authentication vulnerability in multiple products Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800. | 9.8 |
| 2015-12-31 | CVE-2015-5989 | Permissions, Privileges, and Access Controls vulnerability in Zyxel Gs1900-10Hp Firmware 2.40 Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | 9.8 |
| 2015-12-31 | CVE-2015-5988 | Credentials Management vulnerability in Zyxel Gs1900-10Hp Firmware 2.40 The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | 9.8 |
| 2015-12-31 | CVE-2015-6018 | Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5 The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | 9.8 |
| 2015-12-31 | CVE-2015-6016 | Credentials Management vulnerability in Zyxel Nbg-418N, Pmg5318-B20A Firmware and Zynos Firmware ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | 9.8 |