CVE-2025-9133

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...

VulnCheck KEV: CVE-2022-0342

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...

EUVD-2023-38241

Malicious code in bioql PyPI...

EUVD-2023-27016

Malicious code in bioql PyPI...

EUVD-2023-27015

Malicious code in bioql PyPI...

CVE-2023-22914

A path traversal vulnerability in the “accountprint.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS command...

CVE-2023-34139

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affecte...

CVE-2023-27990

The cross-site scripting XSS vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through...

CVE-2020-25014

A stack-based buffer overflow in fbwificontinue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet...

CVE-2024-42061

A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...

CVE-2024-42059

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...

Zyxel多款产品 操作系统命令注入漏洞

Zyxel USG20W-VPN and others are products of China Hopkins Zyxel.Zyxel USG20W-VPN is a firewall appliance for use in corporate environments.Zyxel ATP series firmware is a series of firewall firmware.Zyxel USG FLEX series firmware is a series of Zyxel USG FLEX series firmware is a series of securit...

CVE-2023-6764

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, and USG20W-VPN series...

CVE-2023-35136

CVE-2023-35136 describes an improper input validation vulnerability in the Quagga package across Zyxel devices (ATP series 4.32–5.37; USG FLEX 4.50–5.37; USG FLEX 50(W) 4.16–5.37; USG20(W)-VPN 4.16–5.37; VPN series 4.30–5.37) that could allow an authenticated local attacker to access configuratio...

Zyxel ATP Input Validation Error Vulnerability

Zyxel ATP is a firewall from China-based Heqin Zyxel. The Zyxel ATP suffers from an input validation error vulnerability that stems from an incorrect input validation vulnerability in the Quagga program package, which allows an authenticated, local attacker to access configuration files on the...

PT-2023-7252 · Zyxel · Zyxel Vpn +1

Name of the Vulnerable Software and Affected Versions: Zyxel USG FLEX series firmware versions 4.50 through 5.37 Zyxel VPN series firmware versions 4.30 through 5.37 Description: The issue is related to improper privilege management in the hotspot feature of the affected devices. This could allow...

PT-2023-7251 · Zyxel · Zyxel Usg Flex Series +3

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series version 5.37 Zyxel USG FLEX series version 5.37 Zyxel USG FLEX 50W series version 5.37 Zyxel USG20W-VPN series version 5.37 Description: A buffer overflow issue in the firmware could allow an authenticated local attacker with...

CVE-2023-34139

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affecte...

Buffer overflow

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50W series firmware versions 4.16 through 5.36 Patch 2, USG20W-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN...

PT-2023-3606 · Zyxel · Zyxel Usg Flex Series +4

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 5.10 through 5.36 Patch 2 Zyxel USG FLEX series versions 5.00 through 5.36 Patch 2 Zyxel USG FLEX 50W series versions 5.10 through 5.36 Patch 2 Zyxel USG20W-VPN series versions 5.10 through 5.36 Patch 2 Zyxel VPN...