Vulnerabilities > Zyxel > Zywall VPN 300 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-07-17 CVE-2023-34139 OS Command Injection vulnerability in Zyxel products
A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
low complexity
zyxel CWE-78
8.8
2018-08-15 CVE-2018-9129 Unspecified vulnerability in Zyxel products
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections.
network
high complexity
zyxel
5.9