High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-22	CVE-2020-14461	Path Traversal vulnerability in Zyxel Wap6806 Firmware 1.00(Abal.6)C0 Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. network low complexity zyxel CWE-22	8.6
2020-06-08	CVE-2020-12695	Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. network high complexity ui w1-fi asus broadcom canon cisco dlink dell epson hp huawei nec netgear ruckussecurity tp-link zte zyxel microsoft fedoraproject debian canonical CWE-276	7.5
2019-11-14	CVE-2019-15804	Unspecified vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. network low complexity zyxel	7.5
2019-11-14	CVE-2019-15801	Use of Hard-coded Credentials vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. network low complexity zyxel CWE-798	7.5
2019-11-14	CVE-2019-15799	Improper Privilege Management vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. network low complexity zyxel CWE-269	8.8
2019-05-02	CVE-2017-18374	Use of Hard-coded Credentials vulnerability in multiple products The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. network low complexity billion zyxel CWE-798	8.8
2019-05-02	CVE-2017-18372	OS Command Injection vulnerability in multiple products The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. network low complexity billion zyxel CWE-78	8.8
2019-05-02	CVE-2017-18370	OS Command Injection vulnerability in multiple products The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. network low complexity billion zyxel CWE-78	8.8
2019-04-09	CVE-2019-10633	Code Injection vulnerability in Zyxel Nas326 Firmware 5.21 An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. network low complexity zyxel CWE-94	8.8
2019-04-09	CVE-2019-10631	OS Command Injection vulnerability in Zyxel Nas326 Firmware 5.21 Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. network low complexity zyxel CWE-78	8.8