← Back

Zyxel

zyxel

326 CVEs • 881 products

Products (881)

Click to collapse
Toggle
Cloudcnm Secumanager
cloudcnm_secumanager
35 CVEs
Gs1900 10hp Firmware
gs1900-10hp_firmware
34 CVEs
Usg Flex 100w Firmware
usg_flex_100w_firmware
34 CVEs
Usg Flex 200 Firmware
usg_flex_200_firmware
34 CVEs
Usg Flex 500 Firmware
usg_flex_500_firmware
34 CVEs
Usg Flex 700 Firmware
usg_flex_700_firmware
34 CVEs
Usg Flex 100 Firmware
usg_flex_100_firmware
30 CVEs
Emg3525 T50b Firmware
emg3525-t50b_firmware
26 CVEs
Emg5523 T50b Firmware
emg5523-t50b_firmware
26 CVEs
Vmg8623 T50b Firmware
vmg8623-t50b_firmware
26 CVEs
Usg Flex 50w Firmware
usg_flex_50w_firmware
26 CVEs
Atp200 Firmware
atp200_firmware
25 CVEs
Atp500 Firmware
atp500_firmware
25 CVEs
Atp800 Firmware
atp800_firmware
25 CVEs
Nas326 Firmware
nas326_firmware
24 CVEs
Vpn50 Firmware
vpn50_firmware
24 CVEs
Vpn100 Firmware
vpn100_firmware
24 CVEs
Vpn300 Firmware
vpn300_firmware
24 CVEs
Atp100 Firmware
atp100_firmware
24 CVEs
Vpn1000 Firmware
vpn1000_firmware
23 CVEs
Atp100w Firmware
atp100w_firmware
23 CVEs
Atp700 Firmware
atp700_firmware
23 CVEs
Vmg3625 T50b Firmware
vmg3625-t50b_firmware
23 CVEs
Usg Flex 50 Firmware
usg_flex_50_firmware
23 CVEs
Dx3301 T0 Firmware
dx3301-t0_firmware
22 CVEs
Ex3510 B0 Firmware
ex3510-b0_firmware
22 CVEs
Zld
zld
21 CVEs
Dx5401 B0 Firmware
dx5401-b0_firmware
21 CVEs
Emg5723 T50k Firmware
emg5723-t50k_firmware
21 CVEs
Vmg3927 T50k Firmware
vmg3927-t50k_firmware
21 CVEs
Vmg8825 T50k Firmware
vmg8825-t50k_firmware
21 CVEs
Ex3301 T0 Firmware
ex3301-t0_firmware
21 CVEs
Ex5510 B0 Firmware
ex5510-b0_firmware
21 CVEs
Ex5512 T0 Firmware
ex5512-t0_firmware
21 CVEs
Ex5601 T0 Firmware
ex5601-t0_firmware
21 CVEs
Ex5601 T1 Firmware
ex5601-t1_firmware
21 CVEs
Wx5600 T0 Firmware
wx5600-t0_firmware
21 CVEs
Pm7300 T0 Firmware
pm7300-t0_firmware
20 CVEs
Usg 20w Vpn Firmware
usg_20w-vpn_firmware
19 CVEs
Ex5401 B0 Firmware
ex5401-b0_firmware
19 CVEs
Dx4510 B1 Firmware
dx4510-b1_firmware
19 CVEs
Vmg4005 B50a Firmware
vmg4005-b50a_firmware
19 CVEs
Vmg4005 B60a Firmware
vmg4005-b60a_firmware
19 CVEs
Wx3100 T0 Firmware
wx3100-t0_firmware
19 CVEs
Dx5401 B1 Firmware
dx5401-b1_firmware
19 CVEs
Nas542 Firmware
nas542_firmware
18 CVEs
Ax7501 B0 Firmware
ax7501-b0_firmware
18 CVEs
Dx3300 T1 Firmware
dx3300-t1_firmware
18 CVEs
Ex3300 T1 Firmware
ex3300-t1_firmware
18 CVEs
Ex3500 T0 Firmware
ex3500-t0_firmware
18 CVEs
Ex3501 T0 Firmware
ex3501-t0_firmware
18 CVEs
Ex5401 B1 Firmware
ex5401-b1_firmware
18 CVEs
Ex7710 B0 Firmware
ex7710-b0_firmware
18 CVEs
Ax7501 B1 Firmware
ax7501-b1_firmware
18 CVEs
Px3321 T1 Firmware
px3321-t1_firmware
18 CVEs
Pm3100 T0 Firmware
pm3100-t0_firmware
17 CVEs
Pm5100 T0 Firmware
pm5100-t0_firmware
17 CVEs
Gs1900 8 Firmware
gs1900-8_firmware
16 CVEs
Gs1900 24 Firmware
gs1900-24_firmware
16 CVEs
Ex7501 B0 Firmware
ex7501-b0_firmware
16 CVEs
Ex3300 T0 Firmware
ex3300-t0_firmware
16 CVEs
Dx3300 T0 Firmware
dx3300-t0_firmware
16 CVEs
Zynos
zynos
15 CVEs
Usg20 Vpn Firmware
usg20-vpn_firmware
15 CVEs
Gs1900 8hp Firmware
gs1900-8hp_firmware
15 CVEs
Gs1900 16 Firmware
gs1900-16_firmware
15 CVEs
Gs1900 24e Firmware
gs1900-24e_firmware
15 CVEs
Gs1900 48 Firmware
gs1900-48_firmware
15 CVEs
Dx4510 B0 Firmware
dx4510-b0_firmware
15 CVEs
Ex3510 B1 Firmware
ex3510-b1_firmware
15 CVEs
Ex3600 T0 Firmware
ex3600-t0_firmware
15 CVEs
Usg 2200 Vpn Firmware
usg_2200-vpn_firmware
14 CVEs
Ex5501 B0 Firmware
ex5501-b0_firmware
14 CVEs
Wx3401 B0 Firmware
wx3401-b0_firmware
13 CVEs
Wx5610 B0 Firmware
wx5610-b0_firmware
13 CVEs
Ee6510 10 Firmware
ee6510-10_firmware
12 CVEs
Px5301 T0 Firmware
px5301-t0_firmware
12 CVEs
Usg20w Vpn Firmware
usg20w-vpn_firmware
11 CVEs
Nwa110ax Firmware
nwa110ax_firmware
11 CVEs
Nwa210ax Firmware
nwa210ax_firmware
11 CVEs
Wax510d Firmware
wax510d_firmware
11 CVEs
Wax610d Firmware
wax610d_firmware
11 CVEs
Wax630s Firmware
wax630s_firmware
11 CVEs
Wax650s Firmware
wax650s_firmware
11 CVEs
Usg210 Firmware
usg210_firmware
10 CVEs
Usg310 Firmware
usg310_firmware
10 CVEs
Lte3301 Plus Firmware
lte3301-plus_firmware
10 CVEs
Nwa50ax Firmware
nwa50ax_firmware
10 CVEs
Nwa55axe Firmware
nwa55axe_firmware
10 CVEs
Nwa90ax Firmware
nwa90ax_firmware
10 CVEs
Wac500h Firmware
wac500h_firmware
10 CVEs
Usg40 Firmware
usg40_firmware
9 CVEs
Usg40w Firmware
usg40w_firmware
9 CVEs
Usg60 Firmware
usg60_firmware
9 CVEs
Usg60w Firmware
usg60w_firmware
9 CVEs
Zywall Vpn100 Firmware
zywall_vpn100_firmware
9 CVEs
Zywall Vpn300 Firmware
zywall_vpn300_firmware
9 CVEs
Gs1900 24hp Firmware
gs1900-24hp_firmware
9 CVEs
Gs1900 48hp Firmware
gs1900-48hp_firmware
9 CVEs
Gs1900 24ep Firmware
gs1900-24ep_firmware
9 CVEs

CVEs (326)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-15332
1Zyxel
1Cloudcnm Secumanager
Nov 21, 2024
Sep 29, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVE-2020-15331
1Zyxel
1Cloudcnm Secumanager
Nov 21, 2024
Sep 29, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
CVE-2020-15330
1Zyxel
1Cloudcnm Secumanager
Nov 21, 2024
Sep 29, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
CVE-2020-15329
1Zyxel
1Cloudcnm Secumanager
Nov 21, 2024
Sep 29, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
CVE-2020-15328
1Zyxel
1Cloudcnm Secumanager
Nov 21, 2024
Sep 29, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
CVE-2020-15327
1Zyxel
1Cloudcnm Secumanager
Nov 21, 2024
Sep 29, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
CVE-2020-15326
1Zyxel
1Cloudcnm Secumanager
Nov 21, 2024
Sep 29, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
CVE-2020-15325
1Zyxel
1Cloudcnm Secumanager
Nov 21, 2024
Sep 29, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
CVE-2022-34746
1Zyxel
10Gs1900 10hp Firmware
Gs1900 16 FirmwareGs1900 24 Firmware+7 more
Nov 21, 2024
Sep 20, 2022
N/A· v4
5.9 MEDIUM· v3
N/A· v2
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability co...Show more
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.Show less
CVE-2022-34747
1Zyxel
1Nas326 Firmware
Nov 21, 2024
Sep 6, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
CVE-2022-30526
1Zyxel
25Atp100 Firmware
Atp100w FirmwareAtp200 Firmware+22 more
Nov 21, 2024
Jul 19, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 t...Show more
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.Show less
CVE-2022-2030
1Zyxel
25Atp100 Firmware
Atp100w FirmwareAtp200 Firmware+22 more
Nov 21, 2024
Jul 19, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200...Show more
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.Show less
CVE-2022-0823
1Zyxel
4Gs1200 5 Firmware
Gs1200 5hp FirmwareGs1200 8 Firmware+1 more
Nov 21, 2024
Jun 9, 2022
N/A· v4
6.2 MEDIUM· v3
2.1 LOW· v2
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.
CVE-2022-26532
1Zyxel
65Atp100 Firmware
Atp100w FirmwareAtp200 Firmware+62 more
Nov 21, 2024
May 24, 2022
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32...Show more
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.Show less
CVE-2022-26531
1Zyxel
65Atp100 Firmware
Atp100w FirmwareAtp200 Firmware+62 more
Nov 21, 2024
May 24, 2022
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versi...Show more
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.Show less
CVE-2022-0910
1Zyxel
32Atp100 Firmware
Atp100w FirmwareAtp200 Firmware+29 more
Nov 21, 2024
May 24, 2022
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21...Show more
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.Show less
CVE-2022-0734
1Zyxel
32Atp100 Firmware
Atp100w FirmwareAtp200 Firmware+29 more
Nov 21, 2024
May 24, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.3...Show more
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.Show less
CVE-2022-30525
1Zyxel
16Atp100 Firmware
Atp100w FirmwareAtp200 Firmware+13 more
Oct 27, 2025
May 12, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00...Show more
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.Show less
CVE-2022-26414
1Zyxel
32Ax7501 B0 Firmware
Dx5401 B0 FirmwareEmg3525 T50b Firmware+29 more
Nov 21, 2024
Apr 11, 2022
N/A· v4
5.5 MEDIUM· v3
4.9 MEDIUM· v2
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of s...Show more
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.Show less
CVE-2022-26413
1Zyxel
32Ax7501 B0 Firmware
Dx5401 B0 FirmwareEmg3525 T50b Firmware+29 more
Nov 21, 2024
Apr 11, 2022
N/A· v4
8.0 HIGH· v3
7.7 HIGH· v2
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN inte...Show more
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.Show less