Vulnerabilities > Zyxel > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2019-04-09 | CVE-2019-10630 | Insufficiently Protected Credentials vulnerability in Zyxel Nas326 Firmware 5.21 | A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. | network, low complexity, zyxel, CWE-522 | 8.8 |
| 2019-03-21 | CVE-2019-7391 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel products | ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. | network, low complexity, zyxel, CWE-352 | 8.8 |
| 2019-03-07 | CVE-2019-6710 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nbg-418N Firmware 1.00(Aaxm.6)C0 | Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | network, low complexity, zyxel, CWE-352 | 8.8 |
| 2018-11-27 | CVE-2018-14893 | Command Injection vulnerability in Zyxel Nsa325 V2 Firmware 4.81 | A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | network, low complexity, zyxel, CWE-77 | 8.8 |
| 2018-11-27 | CVE-2018-14892 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nsa325 V2 Firmware 4.81 | Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. | network, low complexity, zyxel, CWE-352 | 8.8 |
| 2018-11-17 | CVE-2018-19326 | Path Traversal vulnerability in Zyxel Vmg1312-B10D Firmware | Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | network, low complexity, zyxel, CWE-22 | 7.5 |
| 2018-11-10 | CVE-2017-17550 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Zywall USG 100 Firmware 2.12(Aqq.2)/3.30(Aqq.7) | ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. | network, low complexity, zyxel, CWE-352 | 8.8 |
| 2018-01-16 | CVE-2018-5330 | Unspecified vulnerability in Zyxel P-660Hw V3 Firmware | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | network, low complexity, zyxel | 7.5 |
| 2017-12-29 | CVE-2017-17901 | Resource Exhaustion vulnerability in Zyxel P-660Hw Firmware | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | network, low complexity, zyxel, CWE-400 | 7.5 |
| 2017-07-25 | CVE-2016-10401 | Credentials Management vulnerability in Zyxel Pk5001Z Firmware | ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | network, low complexity, zyxel, CWE-255 | 8.8 |