Vulnerabilities > Zyxel > High

DATE | CVE | VULNERABILITY TITLE | RISK

2020-12-27 | CVE-2020-29299 | Command Injection vulnerability in Zyxel products | 7.2
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action.
network, low complexity, zyxel, CWE-77

2020-12-14 | CVE-2020-20183 | Authorization Bypass Through User-Controlled Key vulnerability in Zyxel P1302-T10 V3 Firmware 2.00 | 7.5
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.
network, low complexity, zyxel, CWE-639

2020-08-31 | CVE-2020-24354 | OS Command Injection vulnerability in Zyxel Vmg5313-B30B Firmware 5.11(Abcu.1)C0/5.13(Abcj.6)B31127 | 8.8
The Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware, is affected by shell injection.
network, low complexity, zyxel, CWE-78

2020-08-06 | CVE-2020-13365 | Improper Authentication vulnerability in Zyxel products | 8.8
Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root.
network, low complexity, zyxel, CWE-287

2020-08-06 | CVE-2020-13364 | Unspecified vulnerability in Zyxel products | 8.8
A backdoor in certain Zyxel products allows remote TELNET access via a CGI script.
network, low complexity, zyxel

2020-06-26 | CVE-2020-15336 | Missing Authentication for Critical Function vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 | 7.5
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
network, low complexity, zyxel, CWE-306

2020-06-26 | CVE-2020-15335 | Missing Authentication for Critical Function vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 | 7.5
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
network, low complexity, zyxel, CWE-306

2020-06-22 | CVE-2020-14461 | Path Traversal vulnerability in Zyxel Wap6806 Firmware 1.00(Abal.6)C0 | 8.6
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
network, low complexity, zyxel, CWE-22

2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products | 7.5
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

2019-11-14 | CVE-2019-15804 | Unspecified vulnerability in Zyxel products | 7.5
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network, low complexity, zyxel