Vulnerabilities > Zyxel > Zywall Vpn2S Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-17 CVE-2023-34139 OS Command Injection vulnerability in Zyxel products
A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
low complexity
zyxel CWE-78
8.8
2021-09-29 CVE-2021-35027 Path Traversal vulnerability in Zyxel Zywall Vpn2S Firmware 1.12(Abln.0)C0
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.
network
low complexity
zyxel CWE-22
7.5
2021-09-29 CVE-2021-35028 OS Command Injection vulnerability in Zyxel Zywall Vpn2S Firmware 1.12(Abln.0)C0
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.
local
low complexity
zyxel CWE-78
7.8