Vulnerabilities > Zyxel > Zywall Vpn300 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2021-35029 | Improper Authentication vulnerability in Zyxel products An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. | 9.8 |
| 2019-06-27 | CVE-2019-12583 | Forced Browsing vulnerability in Zyxel products Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. | 9.1 |