← Back

Zyxel

zyxel

326 CVEs • 881 products

Products (881)

Click to collapse
Toggle
Cloudcnm Secumanager
cloudcnm_secumanager
35 CVEs
Gs1900 10hp Firmware
gs1900-10hp_firmware
34 CVEs
Usg Flex 100w Firmware
usg_flex_100w_firmware
34 CVEs
Usg Flex 200 Firmware
usg_flex_200_firmware
34 CVEs
Usg Flex 500 Firmware
usg_flex_500_firmware
34 CVEs
Usg Flex 700 Firmware
usg_flex_700_firmware
34 CVEs
Usg Flex 100 Firmware
usg_flex_100_firmware
30 CVEs
Emg3525 T50b Firmware
emg3525-t50b_firmware
26 CVEs
Emg5523 T50b Firmware
emg5523-t50b_firmware
26 CVEs
Vmg8623 T50b Firmware
vmg8623-t50b_firmware
26 CVEs
Usg Flex 50w Firmware
usg_flex_50w_firmware
26 CVEs
Atp200 Firmware
atp200_firmware
25 CVEs
Atp500 Firmware
atp500_firmware
25 CVEs
Atp800 Firmware
atp800_firmware
25 CVEs
Nas326 Firmware
nas326_firmware
24 CVEs
Vpn50 Firmware
vpn50_firmware
24 CVEs
Vpn100 Firmware
vpn100_firmware
24 CVEs
Vpn300 Firmware
vpn300_firmware
24 CVEs
Atp100 Firmware
atp100_firmware
24 CVEs
Vpn1000 Firmware
vpn1000_firmware
23 CVEs
Atp100w Firmware
atp100w_firmware
23 CVEs
Atp700 Firmware
atp700_firmware
23 CVEs
Vmg3625 T50b Firmware
vmg3625-t50b_firmware
23 CVEs
Usg Flex 50 Firmware
usg_flex_50_firmware
23 CVEs
Dx3301 T0 Firmware
dx3301-t0_firmware
22 CVEs
Ex3510 B0 Firmware
ex3510-b0_firmware
22 CVEs
Zld
zld
21 CVEs
Dx5401 B0 Firmware
dx5401-b0_firmware
21 CVEs
Emg5723 T50k Firmware
emg5723-t50k_firmware
21 CVEs
Vmg3927 T50k Firmware
vmg3927-t50k_firmware
21 CVEs
Vmg8825 T50k Firmware
vmg8825-t50k_firmware
21 CVEs
Ex3301 T0 Firmware
ex3301-t0_firmware
21 CVEs
Ex5510 B0 Firmware
ex5510-b0_firmware
21 CVEs
Ex5512 T0 Firmware
ex5512-t0_firmware
21 CVEs
Ex5601 T0 Firmware
ex5601-t0_firmware
21 CVEs
Ex5601 T1 Firmware
ex5601-t1_firmware
21 CVEs
Wx5600 T0 Firmware
wx5600-t0_firmware
21 CVEs
Pm7300 T0 Firmware
pm7300-t0_firmware
20 CVEs
Usg 20w Vpn Firmware
usg_20w-vpn_firmware
19 CVEs
Ex5401 B0 Firmware
ex5401-b0_firmware
19 CVEs
Dx4510 B1 Firmware
dx4510-b1_firmware
19 CVEs
Vmg4005 B50a Firmware
vmg4005-b50a_firmware
19 CVEs
Vmg4005 B60a Firmware
vmg4005-b60a_firmware
19 CVEs
Wx3100 T0 Firmware
wx3100-t0_firmware
19 CVEs
Dx5401 B1 Firmware
dx5401-b1_firmware
19 CVEs
Nas542 Firmware
nas542_firmware
18 CVEs
Ax7501 B0 Firmware
ax7501-b0_firmware
18 CVEs
Dx3300 T1 Firmware
dx3300-t1_firmware
18 CVEs
Ex3300 T1 Firmware
ex3300-t1_firmware
18 CVEs
Ex3500 T0 Firmware
ex3500-t0_firmware
18 CVEs
Ex3501 T0 Firmware
ex3501-t0_firmware
18 CVEs
Ex5401 B1 Firmware
ex5401-b1_firmware
18 CVEs
Ex7710 B0 Firmware
ex7710-b0_firmware
18 CVEs
Ax7501 B1 Firmware
ax7501-b1_firmware
18 CVEs
Px3321 T1 Firmware
px3321-t1_firmware
18 CVEs
Pm3100 T0 Firmware
pm3100-t0_firmware
17 CVEs
Pm5100 T0 Firmware
pm5100-t0_firmware
17 CVEs
Gs1900 8 Firmware
gs1900-8_firmware
16 CVEs
Gs1900 24 Firmware
gs1900-24_firmware
16 CVEs
Ex7501 B0 Firmware
ex7501-b0_firmware
16 CVEs
Ex3300 T0 Firmware
ex3300-t0_firmware
16 CVEs
Dx3300 T0 Firmware
dx3300-t0_firmware
16 CVEs
Zynos
zynos
15 CVEs
Usg20 Vpn Firmware
usg20-vpn_firmware
15 CVEs
Gs1900 8hp Firmware
gs1900-8hp_firmware
15 CVEs
Gs1900 16 Firmware
gs1900-16_firmware
15 CVEs
Gs1900 24e Firmware
gs1900-24e_firmware
15 CVEs
Gs1900 48 Firmware
gs1900-48_firmware
15 CVEs
Dx4510 B0 Firmware
dx4510-b0_firmware
15 CVEs
Ex3510 B1 Firmware
ex3510-b1_firmware
15 CVEs
Ex3600 T0 Firmware
ex3600-t0_firmware
15 CVEs
Usg 2200 Vpn Firmware
usg_2200-vpn_firmware
14 CVEs
Ex5501 B0 Firmware
ex5501-b0_firmware
14 CVEs
Wx3401 B0 Firmware
wx3401-b0_firmware
13 CVEs
Wx5610 B0 Firmware
wx5610-b0_firmware
13 CVEs
Ee6510 10 Firmware
ee6510-10_firmware
12 CVEs
Px5301 T0 Firmware
px5301-t0_firmware
12 CVEs
Usg20w Vpn Firmware
usg20w-vpn_firmware
11 CVEs
Nwa110ax Firmware
nwa110ax_firmware
11 CVEs
Nwa210ax Firmware
nwa210ax_firmware
11 CVEs
Wax510d Firmware
wax510d_firmware
11 CVEs
Wax610d Firmware
wax610d_firmware
11 CVEs
Wax630s Firmware
wax630s_firmware
11 CVEs
Wax650s Firmware
wax650s_firmware
11 CVEs
Usg210 Firmware
usg210_firmware
10 CVEs
Usg310 Firmware
usg310_firmware
10 CVEs
Lte3301 Plus Firmware
lte3301-plus_firmware
10 CVEs
Nwa50ax Firmware
nwa50ax_firmware
10 CVEs
Nwa55axe Firmware
nwa55axe_firmware
10 CVEs
Nwa90ax Firmware
nwa90ax_firmware
10 CVEs
Wac500h Firmware
wac500h_firmware
10 CVEs
Usg40 Firmware
usg40_firmware
9 CVEs
Usg40w Firmware
usg40w_firmware
9 CVEs
Usg60 Firmware
usg60_firmware
9 CVEs
Usg60w Firmware
usg60w_firmware
9 CVEs
Zywall Vpn100 Firmware
zywall_vpn100_firmware
9 CVEs
Zywall Vpn300 Firmware
zywall_vpn300_firmware
9 CVEs
Gs1900 24hp Firmware
gs1900-24hp_firmware
9 CVEs
Gs1900 48hp Firmware
gs1900-48hp_firmware
9 CVEs
Gs1900 24ep Firmware
gs1900-24ep_firmware
9 CVEs

CVEs (326)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-0556
1Zyxel
1Zyxel Ap Configurator
Nov 21, 2024
Apr 11, 2022
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a loca...Show more
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.Show less
CVE-2022-0342
1Zyxel
23Atp100 Firmware
Atp100w FirmwareAtp200 Firmware+20 more
Nov 21, 2024
Mar 28, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.2...Show more
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.Show less
CVE-2021-46387
1Zyxel
1Zywall 2 Plus Internet Security Appliance Firmware
Nov 21, 2024
Mar 1, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to exec...Show more
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.Show less
CVE-2021-4039
1Zyxel
1Nwa1100 Nh Firmware
Nov 21, 2024
Mar 1, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
CVE-2021-35036
1Zyxel
31Ax7501 B0 Firmware
Dx3301 T0 FirmwareDx5401 B0 Firmware+28 more
Nov 21, 2024
Mar 1, 2022
N/A· v4
6.5 MEDIUM· v3
3.5 LOW· v2
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
CVE-2021-4030
1Zyxel
2Nbg6816 Firmware
Nbg6817 Firmware
Nov 21, 2024
Feb 24, 2022
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website wi...Show more
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts.Show less
CVE-2021-4029
1Zyxel
2Nbg6816 Firmware
Nbg6817 Firmware
Nov 21, 2024
Feb 24, 2022
N/A· v4
8.8 HIGH· v3
8.3 HIGH· v2
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface.
CVE-2021-35035
1Zyxel
1Nbg6604 Firmware
Nov 21, 2024
Dec 29, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
CVE-2021-35034
1Zyxel
1Nbg6604 Firmware
Nov 21, 2024
Dec 29, 2021
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.
CVE-2021-35032
1Zyxel
12Gs1900 10hp Firmware
Gs1900 16 FirmwareGs1900 24 Firmware+9 more
Nov 21, 2024
Dec 28, 2021
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
CVE-2021-35031
1Zyxel
14Gs1900 10hp Firmware
Gs1900 16 FirmwareGs1900 24 Firmware+11 more
Nov 21, 2024
Dec 28, 2021
N/A· v4
8.0 HIGH· v3
7.7 HIGH· v2
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vu...Show more
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.Show less
CVE-2021-35033
1Zyxel
6Nbg6818 Firmware
Nbg7815 FirmwareWsq20 Firmware+3 more
Nov 21, 2024
Nov 23, 2021
N/A· v4
7.8 HIGH· v3
6.9 MEDIUM· v2
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local at...Show more
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.Show less
CVE-2021-35028
1Zyxel
1Zywall Vpn2s Firmware
Nov 21, 2024
Sep 29, 2021
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.
CVE-2021-35027
1Zyxel
1Zywall Vpn2s Firmware
Nov 21, 2024
Sep 29, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.
CVE-2021-35030
1Zyxel
12Gs1900 10hp Firmware
Gs1900 16 FirmwareGs1900 24 Firmware+9 more
Nov 21, 2024
Jul 26, 2021
N/A· v4
4.3 MEDIUM· v3
2.3 LOW· v2
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS)...Show more
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.Show less
CVE-2021-35029
1Zyxel
37Usg1000 Firmware
Usg100 FirmwareUsg1100 Firmware+34 more
Nov 21, 2024
Jul 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which co...Show more
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.Show less
CVE-2020-28899
1Zyxel
3Lte4506 M606 Firmware
Lte7460 M608 FirmwareWah7706 Firmware
Nov 21, 2024
Mar 16, 2021
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provi...Show more
The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi passphrase, send an SMS message, or modify the IP forwarding to access the internal network.Show less
CVE-2021-3297
1Zyxel
1Nbg2105 Firmware
Nov 25, 2025
Jan 26, 2021
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
CVE-2020-29299
1Zyxel
4Nsg Firmware
Usg Flex FirmwareVpn Orchestrator+1 more
Nov 21, 2024
Dec 27, 2020
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 wee...Show more
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.Show less
CVE-2020-29583
1Zyxel
30Atp100 Firmware
Atp100w FirmwareAtp200 Firmware+27 more
Nov 7, 2025
Dec 22, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by some...Show more
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.Show less