Vulnerabilities > Zyxel > Usg2200 VPN Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-07-02 CVE-2021-35029 Improper Authentication vulnerability in Zyxel products
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
network
low complexity
zyxel CWE-287
critical
9.8
2019-06-27 CVE-2019-12583 Forced Browsing vulnerability in Zyxel products
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator.
network
low complexity
zyxel CWE-425
critical
9.1