Vulnerabilities > Zyxel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-17 | CVE-2022-45440 | Link Following vulnerability in Zyxel Ax7501-B0 Firmware 5.17(Abpc.1)C0 A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. | 4.4 |
| 2023-01-11 | CVE-2022-43391 | Classic Buffer Overflow vulnerability in Zyxel products A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request. | 6.5 |
| 2023-01-11 | CVE-2022-43392 | Classic Buffer Overflow vulnerability in Zyxel products A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request. | 6.5 |
| 2022-12-06 | CVE-2022-40603 | Cross-site Scripting vulnerability in Zyxel products A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. | 6.1 |
| 2022-09-29 | CVE-2020-15325 | Cleartext Storage of Sensitive Information vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. | 5.3 |
| 2022-09-29 | CVE-2020-15326 | Use of Hard-coded Credentials vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | 5.3 |
| 2022-09-29 | CVE-2020-15328 | Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | 5.3 |
| 2022-09-29 | CVE-2020-15329 | Incorrect Permission Assignment for Critical Resource vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | 5.3 |
| 2022-09-29 | CVE-2020-15330 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | 5.3 |
| 2022-09-29 | CVE-2020-15333 | SQL Injection vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. | 5.3 |