Vulnerabilities > Zyxel > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2021-09-29 | CVE-2021-35027 | Path Traversal vulnerability in Zyxel Zywall Vpn2S Firmware 1.12(Abln.0)C0 | A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. | network, low complexity, zyxel, CWE-22, 7.5 |
| 2021-09-29 | CVE-2021-35028 | OS Command Injection vulnerability in Zyxel Zywall Vpn2S Firmware 1.12(Abln.0)C0 | A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. | local, low complexity, zyxel, CWE-78, 7.8 |
| 2021-01-26 | CVE-2021-3297 | Improper Authentication vulnerability in Zyxel Nbg2105 Firmware V1.00(Aagu.2)C0 | On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | local, low complexity, zyxel, CWE-287, 7.8 |
| 2020-12-27 | CVE-2020-29299 | Command Injection vulnerability in Zyxel products | Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. | network, low complexity, zyxel, CWE-77, 7.2 |
| 2020-12-14 | CVE-2020-20183 | Authorization Bypass Through User-Controlled Key vulnerability in Zyxel P1302-T10 V3 Firmware 2.00 | Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages. | network, low complexity, zyxel, CWE-639, 7.5 |
| 2020-08-31 | CVE-2020-24354 | OS Command Injection vulnerability in Zyxel Vmg5313-B30B Firmware 5.11(Abcu.1)C0/5.13(Abcj.6)B31127 | The Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware, is affected by shell injection. | network, low complexity, zyxel, CWE-78, 8.8 |
| 2020-08-06 | CVE-2020-13365 | Improper Authentication vulnerability in Zyxel products | Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. | network, low complexity, zyxel, CWE-287, 8.8 |
| 2020-08-06 | CVE-2020-13364 | Unspecified vulnerability in Zyxel products | A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. | network, low complexity, zyxel, 8.8 |
| 2020-06-26 | CVE-2020-15336 | Missing Authentication for Critical Function vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. | network, low complexity, zyxel, CWE-306, 7.5 |
| 2020-06-26 | CVE-2020-15335 | Missing Authentication for Critical Function vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. | network, low complexity, zyxel, CWE-306, 7.5 |