Vulnerabilities > Zyxel > ZLD

DATE CVE VULNERABILITY TITLE RISK
2020-12-27 CVE-2020-29299 Command Injection vulnerability in Zyxel products
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action.
network
low complexity
zyxel CWE-77
7.2
2020-11-27 CVE-2020-25014 Out-of-bounds Write vulnerability in Zyxel Access Points Firmware and ZLD
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
network
low complexity
zyxel CWE-787
critical
9.8