Vulnerabilities > Zyxel > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-24 | CVE-2022-26532 | OS Command Injection vulnerability in Zyxel products A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. | 7.8 |
| 2022-04-11 | CVE-2022-26413 | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. | 8.0 |
| 2022-04-11 | CVE-2022-0556 | Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel AP Configurator 1.1.4 A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. | 7.8 |
| 2022-02-24 | CVE-2021-4029 | OS Command Injection vulnerability in Zyxel Nbg6816 Firmware and Nbg6817 Firmware A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. | 8.8 |
| 2022-02-24 | CVE-2021-4030 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg6816 Firmware and Nbg6817 Firmware A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts. | 8.8 |
| 2021-12-28 | CVE-2021-35031 | OS Command Injection vulnerability in Zyxel products A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. | 8.0 |
| 2021-12-28 | CVE-2021-35032 | OS Command Injection vulnerability in Zyxel products A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. | 7.8 |
| 2021-11-23 | CVE-2021-35033 | Improper Authentication vulnerability in Zyxel products A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user. | 7.8 |
| 2021-09-29 | CVE-2021-35027 | Path Traversal vulnerability in Zyxel Zywall Vpn2S Firmware 1.12(Abln.0)C0 A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. | 7.5 |
| 2021-09-29 | CVE-2021-35028 | OS Command Injection vulnerability in Zyxel Zywall Vpn2S Firmware 1.12(Abln.0)C0 A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. | 7.8 |