Vulnerabilities > Zyxel > Usg60W Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-28 CVE-2022-0342 Improper Authentication vulnerability in Zyxel products
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.
network
low complexity
zyxel CWE-287
critical
9.8
2021-07-02 CVE-2021-35029 Improper Authentication vulnerability in Zyxel products
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
network
low complexity
zyxel CWE-287
critical
9.8
2020-12-22 CVE-2020-29583 Insufficiently Protected Credentials vulnerability in Zyxel products
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.
network
low complexity
zyxel CWE-522
critical
9.8
2020-03-04 CVE-2020-9054 OS Command Injection vulnerability in Zyxel products
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.
network
low complexity
zyxel CWE-78
critical
9.8