12 matches found
CVE-2024-7261
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70ABVT.4 and earlier, WAC500 firmware version 6.70ABVS.4 and earlier, WAX655E firmware version 7.00ACDO.1 and earlier, WBE530 firmware version 7.00ACLE.1 and earlier,...
CVE-2024-7261
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70ABVT.4 and earlier, WAC500 firmware version 6.70ABVS.4 and earlier, WAX655E firmware version 7.00ACDO.1 and earlier, WBE530 firmware version 7.00ACLE.1 and earlier,...
CVE-2024-7261
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70ABVT.4 and earlier, WAC500 firmware version 6.70ABVS.4 and earlier, WAX655E firmware version 7.00ACDO.1 and earlier, WBE530 firmware version 7.00ACLE.1 and earlier,...
Zyxel多款产品 操作系统命令注入漏洞
Zyxel NWA1123ACv3 is a hybrid access point, Zyxel WAC500 is a dual-radio unified access point, and Zyxel WBE530 is a triple-radio unified access point. An operating system command injection vulnerability exists in several Zyxel products due to an improperly neutralized special element in the...
PT-2024-6139 · Zyxel · Wax655E +4
Name of the Vulnerable Software and Affected Versions: Zyxel NWA1123ACv3 versions 6.70ABVT.4 and earlier Zyxel WAC500 versions 6.70ABVS.4 and earlier Zyxel WAX655E versions 7.00ACDO.1 and earlier Zyxel WBE530 versions 7.00ACLE.1 and earlier Zyxel USG LITE 60AX version V2.00ACIP.2 Description: The...
CVE-2023-6398
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN...
CVE-2023-6398
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN...
CVE-2023-6398
CVE-2023-6398 is a post-authentication command-injection vulnerability in Zyxel devices where the file upload binary can be abused by an authenticated administrator to execute OS commands on the device via FTP. Affected products include ZyXEL ATP series (4.32–5.37 Patch 1), USG FLEX series (4.50–...
CVE-2023-5797
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...
Privilege escalation
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...
CVE-2023-22918
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, VPN series...
CVE-2022-26531
CVE-2022-26531 stems from multiple improper input validation flaws in Zyxel devices (USG/ZyWALL, USG FLEX, ATP, VPN, NSG, NXC2500, NAP203, NWA50AX, WAC500, WAX510D) across firmware ranges up to 4.71/5.21/6.x, enabling a local authenticated attacker to trigger a buffer overflow or system crash via...