Vulnerabilities > Zyxel > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-14893 | Command Injection vulnerability in Zyxel Nsa325 V2 Firmware 4.81 A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | 8.8 |
| 2018-11-27 | CVE-2018-14892 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Nsa325 V2 Firmware 4.81 Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. | 8.8 |
| 2018-11-17 | CVE-2018-19326 | Path Traversal vulnerability in Zyxel Vmg1312-B10D Firmware Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | 7.5 |
| 2018-11-10 | CVE-2017-17550 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel Zywall USG 100 Firmware 2.12(Aqq.2)/3.30(Aqq.7) ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. | 8.8 |
| 2018-01-16 | CVE-2018-5330 | Unspecified vulnerability in Zyxel P-660Hw V3 Firmware ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | 7.5 |
| 2017-12-29 | CVE-2017-17901 | Resource Exhaustion vulnerability in Zyxel P-660Hw Firmware ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | 7.5 |
| 2017-07-25 | CVE-2016-10401 | Credentials Management vulnerability in Zyxel Pk5001Z Firmware ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | 8.8 |
| 2017-04-06 | CVE-2017-6884 | OS Command Injection vulnerability in Zyxel Emg2926 Firmware V1.00(Aaqt.4)B8 A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. | 8.8 |
| 2017-02-21 | CVE-2016-10227 | Resource Management Errors vulnerability in Zyxel Nwa3560-N Firmware and Usg50 Firmware Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. | 7.5 |
| 2016-04-06 | CVE-2015-6313 | Resource Management Errors vulnerability in multiple products Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. | 7.5 |