Vulnerabilities > Zyxel > Zywall Vpn300 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-07-17 CVE-2023-34139 OS Command Injection vulnerability in Zyxel products
A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
low complexity
zyxel CWE-78
8.8
2021-07-02 CVE-2021-35029 Improper Authentication vulnerability in Zyxel products
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
network
low complexity
zyxel CWE-287
critical
9.8
2019-06-27 CVE-2019-12583 Forced Browsing vulnerability in Zyxel products
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator.
network
low complexity
zyxel CWE-425
critical
9.1