← Back

Zyxel

zyxel

326 CVEs • 881 products

Products (881)

Click to collapse
Toggle
Cloudcnm Secumanager
cloudcnm_secumanager
35 CVEs
Gs1900 10hp Firmware
gs1900-10hp_firmware
34 CVEs
Usg Flex 100w Firmware
usg_flex_100w_firmware
34 CVEs
Usg Flex 200 Firmware
usg_flex_200_firmware
34 CVEs
Usg Flex 500 Firmware
usg_flex_500_firmware
34 CVEs
Usg Flex 700 Firmware
usg_flex_700_firmware
34 CVEs
Usg Flex 100 Firmware
usg_flex_100_firmware
30 CVEs
Emg3525 T50b Firmware
emg3525-t50b_firmware
26 CVEs
Emg5523 T50b Firmware
emg5523-t50b_firmware
26 CVEs
Vmg8623 T50b Firmware
vmg8623-t50b_firmware
26 CVEs
Usg Flex 50w Firmware
usg_flex_50w_firmware
26 CVEs
Atp200 Firmware
atp200_firmware
25 CVEs
Atp500 Firmware
atp500_firmware
25 CVEs
Atp800 Firmware
atp800_firmware
25 CVEs
Nas326 Firmware
nas326_firmware
24 CVEs
Vpn50 Firmware
vpn50_firmware
24 CVEs
Vpn100 Firmware
vpn100_firmware
24 CVEs
Vpn300 Firmware
vpn300_firmware
24 CVEs
Atp100 Firmware
atp100_firmware
24 CVEs
Vpn1000 Firmware
vpn1000_firmware
23 CVEs
Atp100w Firmware
atp100w_firmware
23 CVEs
Atp700 Firmware
atp700_firmware
23 CVEs
Vmg3625 T50b Firmware
vmg3625-t50b_firmware
23 CVEs
Usg Flex 50 Firmware
usg_flex_50_firmware
23 CVEs
Dx3301 T0 Firmware
dx3301-t0_firmware
22 CVEs
Ex3510 B0 Firmware
ex3510-b0_firmware
22 CVEs
Zld
zld
21 CVEs
Dx5401 B0 Firmware
dx5401-b0_firmware
21 CVEs
Emg5723 T50k Firmware
emg5723-t50k_firmware
21 CVEs
Vmg3927 T50k Firmware
vmg3927-t50k_firmware
21 CVEs
Vmg8825 T50k Firmware
vmg8825-t50k_firmware
21 CVEs
Ex3301 T0 Firmware
ex3301-t0_firmware
21 CVEs
Ex5510 B0 Firmware
ex5510-b0_firmware
21 CVEs
Ex5512 T0 Firmware
ex5512-t0_firmware
21 CVEs
Ex5601 T0 Firmware
ex5601-t0_firmware
21 CVEs
Ex5601 T1 Firmware
ex5601-t1_firmware
21 CVEs
Wx5600 T0 Firmware
wx5600-t0_firmware
21 CVEs
Pm7300 T0 Firmware
pm7300-t0_firmware
20 CVEs
Usg 20w Vpn Firmware
usg_20w-vpn_firmware
19 CVEs
Ex5401 B0 Firmware
ex5401-b0_firmware
19 CVEs
Dx4510 B1 Firmware
dx4510-b1_firmware
19 CVEs
Vmg4005 B50a Firmware
vmg4005-b50a_firmware
19 CVEs
Vmg4005 B60a Firmware
vmg4005-b60a_firmware
19 CVEs
Wx3100 T0 Firmware
wx3100-t0_firmware
19 CVEs
Dx5401 B1 Firmware
dx5401-b1_firmware
19 CVEs
Nas542 Firmware
nas542_firmware
18 CVEs
Ax7501 B0 Firmware
ax7501-b0_firmware
18 CVEs
Dx3300 T1 Firmware
dx3300-t1_firmware
18 CVEs
Ex3300 T1 Firmware
ex3300-t1_firmware
18 CVEs
Ex3500 T0 Firmware
ex3500-t0_firmware
18 CVEs
Ex3501 T0 Firmware
ex3501-t0_firmware
18 CVEs
Ex5401 B1 Firmware
ex5401-b1_firmware
18 CVEs
Ex7710 B0 Firmware
ex7710-b0_firmware
18 CVEs
Ax7501 B1 Firmware
ax7501-b1_firmware
18 CVEs
Px3321 T1 Firmware
px3321-t1_firmware
18 CVEs
Pm3100 T0 Firmware
pm3100-t0_firmware
17 CVEs
Pm5100 T0 Firmware
pm5100-t0_firmware
17 CVEs
Gs1900 8 Firmware
gs1900-8_firmware
16 CVEs
Gs1900 24 Firmware
gs1900-24_firmware
16 CVEs
Ex7501 B0 Firmware
ex7501-b0_firmware
16 CVEs
Ex3300 T0 Firmware
ex3300-t0_firmware
16 CVEs
Dx3300 T0 Firmware
dx3300-t0_firmware
16 CVEs
Zynos
zynos
15 CVEs
Usg20 Vpn Firmware
usg20-vpn_firmware
15 CVEs
Gs1900 8hp Firmware
gs1900-8hp_firmware
15 CVEs
Gs1900 16 Firmware
gs1900-16_firmware
15 CVEs
Gs1900 24e Firmware
gs1900-24e_firmware
15 CVEs
Gs1900 48 Firmware
gs1900-48_firmware
15 CVEs
Dx4510 B0 Firmware
dx4510-b0_firmware
15 CVEs
Ex3510 B1 Firmware
ex3510-b1_firmware
15 CVEs
Ex3600 T0 Firmware
ex3600-t0_firmware
15 CVEs
Usg 2200 Vpn Firmware
usg_2200-vpn_firmware
14 CVEs
Ex5501 B0 Firmware
ex5501-b0_firmware
14 CVEs
Wx3401 B0 Firmware
wx3401-b0_firmware
13 CVEs
Wx5610 B0 Firmware
wx5610-b0_firmware
13 CVEs
Ee6510 10 Firmware
ee6510-10_firmware
12 CVEs
Px5301 T0 Firmware
px5301-t0_firmware
12 CVEs
Usg20w Vpn Firmware
usg20w-vpn_firmware
11 CVEs
Nwa110ax Firmware
nwa110ax_firmware
11 CVEs
Nwa210ax Firmware
nwa210ax_firmware
11 CVEs
Wax510d Firmware
wax510d_firmware
11 CVEs
Wax610d Firmware
wax610d_firmware
11 CVEs
Wax630s Firmware
wax630s_firmware
11 CVEs
Wax650s Firmware
wax650s_firmware
11 CVEs
Usg210 Firmware
usg210_firmware
10 CVEs
Usg310 Firmware
usg310_firmware
10 CVEs
Lte3301 Plus Firmware
lte3301-plus_firmware
10 CVEs
Nwa50ax Firmware
nwa50ax_firmware
10 CVEs
Nwa55axe Firmware
nwa55axe_firmware
10 CVEs
Nwa90ax Firmware
nwa90ax_firmware
10 CVEs
Wac500h Firmware
wac500h_firmware
10 CVEs
Usg40 Firmware
usg40_firmware
9 CVEs
Usg40w Firmware
usg40w_firmware
9 CVEs
Usg60 Firmware
usg60_firmware
9 CVEs
Usg60w Firmware
usg60w_firmware
9 CVEs
Zywall Vpn100 Firmware
zywall_vpn100_firmware
9 CVEs
Zywall Vpn300 Firmware
zywall_vpn300_firmware
9 CVEs
Gs1900 24hp Firmware
gs1900-24hp_firmware
9 CVEs
Gs1900 48hp Firmware
gs1900-48hp_firmware
9 CVEs
Gs1900 24ep Firmware
gs1900-24ep_firmware
9 CVEs

CVEs (326)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2008-1259
1Zyxel
1P 2602hw D1a
Apr 23, 2026
Mar 10, 2008
N/A· v4
N/A· v3
9.3 HIGH· v2
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user wh...Show more
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes.Show less
CVE-2008-1257
1Zyxel
4P 660hw
P 660hw D1P 660hw D3+1 more
Apr 23, 2026
Mar 10, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.
CVE-2008-1256
1Zyxel
1P 660hw
Apr 23, 2026
Mar 10, 2008
N/A· v4
N/A· v3
10.0 HIGH· v2
The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access.
CVE-2008-1255
1Zyxel
1P 660hw
Apr 23, 2026
Mar 10, 2008
N/A· v4
N/A· v3
10.0 HIGH· v2
The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.
CVE-2008-1254
1Zyxel
1P 660hw
Apr 23, 2026
Mar 10, 2008
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the "bannedlist" via unspecified vectors.
CVE-2007-4319
1Zyxel
2Zynos
Zywall 2
Apr 23, 2026
Aug 13, 2007
N/A· v4
N/A· v3
4.0 MEDIUM· v2
The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: thi...Show more
The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF; if so, then it should not be included in CVE.Show less
CVE-2007-4318
1Zyxel
2Zynos
Zywall 2
Apr 23, 2026
Aug 13, 2007
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script...Show more
Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.Show less
CVE-2007-4317
1Zyxel
2Zynos
Zywall 2
Apr 23, 2026
Aug 13, 2007
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as dem...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters.Show less
CVE-2007-4316
1Zyxel
2Zynos
Zywall 2
Apr 23, 2026
Aug 13, 2007
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions.
CVE-2007-1586
1Zyxel
1Zynos
Apr 23, 2026
Mar 21, 2007
N/A· v4
N/A· v3
7.8 HIGH· v2
ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol.
CVE-2006-3929
1Zyxel
1Prestige 660h 61
Apr 16, 2026
Jul 31, 2006
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-enco...Show more
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.Show less
CVE-2006-2562
1Zyxel
1P 335wt Router
Apr 16, 2026
May 24, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using...Show more
ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.Show less
CVE-2006-0302
1Zyxel
1P2000w Version 2 Voip Wifi Phone
Apr 16, 2026
Jan 19, 2006
N/A· v4
N/A· v3
5.0 MEDIUM· v2
ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090.
CVE-2005-3725
1Zyxel
1Prestige 2000w V.1voip Wi Fi Phone
Apr 16, 2026
Nov 21, 2005
N/A· v4
N/A· v3
6.4 MEDIUM· v2
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcod...Show more
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.Show less
CVE-2005-3724
1Zyxel
2P2000w Version 1 Voip Wifi Phone
Prestige 2000w V.1voip Wi Fi Phone
Apr 16, 2026
Nov 21, 2005
N/A· v4
N/A· v3
6.4 MEDIUM· v2
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not...Show more
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.Show less
CVE-2005-1717
1Zyxel
1Prestige 650r 31
Apr 16, 2026
May 24, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets.
CVE-2005-0328
2Netgear
Zyxel
3Prestige
Rt311Rt314
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP...Show more
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.Show less
CVE-2004-1789
1Zyxel
1Zywall10
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.
CVE-2004-1540
1Zyxel
2Prestige
Zynos
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router...Show more
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.Show less
CVE-2004-1684
1Zyxel
2Prestige
Zynos
Apr 16, 2026
Sep 13, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.