Vulnerabilities > Zyxel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-03-10 | CVE-2008-1254 | Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-660Hw Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors. | 6.8 |
| 2007-08-13 | CVE-2007-4319 | Remote vulnerability in Zyxel Zynos and Zywall 2 The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. | 4.0 |
| 2007-08-13 | CVE-2007-4318 | Cross-Site Scripting vulnerability in Zyxel Zynos and Zywall 2 Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. network zyxel | 4.3 |
| 2007-08-13 | CVE-2007-4317 | Remote vulnerability in Zyxel Zynos and Zywall 2 Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters. network zyxel | 4.3 |
| 2007-08-13 | CVE-2007-4316 | Remote Security vulnerability in Zyxel Zynos and Zywall 2 The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions. network zyxel | 4.3 |
| 2006-07-31 | CVE-2006-3929 | Cross-Site Scripting vulnerability in Zyxel Prestige 660H-61 Firmware3.40Pt.0B32 Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. network zyxel | 4.3 |
| 2006-01-19 | CVE-2006-0302 | Information Disclosure vulnerability in Zyxel P2000W Version 2 Voip Wifi Phone Wv.00.02 ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090. | 5.0 |
| 2005-11-21 | CVE-2005-3725 | Information Disclosure vulnerability in Zyxel Prestige 2000W V.1Voip Wi-Fi Phone Wj.00.10 Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. | 6.4 |
| 2005-11-21 | CVE-2005-3724 | Information Exposure vulnerability in Zyxel products Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | 6.4 |
| 2005-05-24 | CVE-2005-1717 | Remote Denial of Service vulnerability in Zyxel Prestige 650R-31 3.40Ko.1 ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets. | 5.0 |