Vulnerabilities > Zyxel > Vpn100 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-28 | CVE-2022-0342 | Improper Authentication vulnerability in Zyxel products An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. | 9.8 |
| 2020-12-22 | CVE-2020-29583 | Insufficiently Protected Credentials vulnerability in Zyxel products Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. | 9.8 |
| 2020-03-04 | CVE-2020-9054 | OS Command Injection vulnerability in Zyxel products Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. | 9.8 |
| 2019-04-22 | CVE-2019-9955 | Cross-site Scripting vulnerability in Zyxel products On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. | 6.1 |