Lucene search
K

54 matches found

CNNVD
CNNVD
added 2026/02/05 12:0 a.m.9 views

Zyxel多款产品 操作系统命令注入漏洞

Zyxel USG FLEX, among others, are products of the Chinese company Zyxel. Zyxel USG FLEX is a firewall. Zyxel ATP is also a firewall. Zyxel USG FLEX 50W/USG20W-VPN is a series of firewalls. Several Zyxel products have vulnerabilities related to operating system command injection. These...

7.2CVSS7.6AI score0.01354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/22 2:9 a.m.4 views

CVE-2025-8078

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...

7.2CVSS7.7AI score0.01484EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/21 12:0 a.m.7 views

Zyxel ATP series firmware和Zyxel USG FLEX series firmware 安全漏洞

Zyxel ATP series firmware and Zyxel USG FLEX series firmware are both products of the China-based company Zyxel.Zyxel ATP series firmware is a series of firewall firmware.Zyxel USG FLEX series firmware is a series of Zyxel ATP series firmware is a series of firewall firmware. A security...

8.1CVSS9.1AI score0.05462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:51 a.m.4 views

CVE-2023-22913

A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...

8.1CVSS7.5AI score0.01291EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/21 12:0 a.m.5 views

Zyxel USG FLEX H Series Firewall < 1.32 Privilege Escalation

Firmware version of the Zyxel USG is less than uOS 1.32. This means the Zyxel device is vulnerable to a privilege escalation vulnerability. The improper privilege management vulnerability in the recovery function of certain USG FLEX H series uOS firmware versions could allow an authenticated loca...

6.7CVSS5.5AI score0.002EPSS
Exploits2References2
OSV
OSV
added 2025/04/22 3:15 a.m.2 views

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...

7.8CVSS5.8AI score0.0093EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.28 views

Zyxel USG FLEX 安全漏洞

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX versions prior to V1.32, which stems from improper privilege...

6.7CVSS6.6AI score0.002EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.52 views

Zyxel USG FLEX 安全漏洞

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX versions prior to V1.32, which stems from improper assignment of...

7.8CVSS6.7AI score0.0093EPSS
Exploits2References3
NCSC
NCSC
added 2024/09/03 9:51 a.m.4 views

Vulnerabilities fixed in Zyxel Flex and USG Firewalls

Zyxel has fixed vulnerabilities in the firmware of ATP and USG Flex firewalls. A malicious party can exploit the vulnerabilities to cause a denial-of-service, possibly unpatched execute a limited set of commands on the vulnerable system, or execute arbitrary code in the victim's browser through a...

8.1CVSS8AI score0.01339EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/03 12:0 a.m.5 views

Zyxel ATP series firmware和Zyxel USG FLEX series firmware 操作系统命令注入漏洞

Zyxel ATP series firmware and Zyxel USG FLEX series firmware are both products of the Chinese company Zyxel.Zyxel ATP series firmware is a series of firewall firmware.Zyxel USG FLEX series firmware is a series of Zyxel ATP series firmware is a series of firewall firmware. An operating system...

7.2CVSS7.8AI score0.01339EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/03 12:0 a.m.4 views

Zyxel多款产品 操作系统命令注入漏洞

Zyxel USG20W-VPN and others are products of China Hopkins Zyxel.Zyxel USG20W-VPN is a firewall appliance for use in corporate environments.Zyxel ATP series firmware is a series of firewall firmware.Zyxel USG FLEX series firmware is a series of Zyxel USG FLEX series firmware is a series of securit...

8.1CVSS7.5AI score0.0132EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/02/29 12:0 a.m.5 views

The vulnerability of the IPSec VPN microprogramming software for network devices such as ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, and ATP allows a hacker to execute arbitrary code.

The vulnerability of the IPSec VPN microprogramming software for ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, and ATP is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a sequence of specially crafted...

8.1CVSS7.9AI score0.00889EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.1 views

PT-2024-1936 · Zyxel · Zyxel Usg +1

Name of the Vulnerable Software and Affected Versions: Zyxel USG and Zyxel VPN versions affected versions not specified Description: The issue is related to insufficient validation of incoming requests in the proactor1.2 service /usr/sbin/proactor1.2/pro of Zyxel USG and Zyxel VPN firewall and VP...

10CVSS7.1AI score
Exploits0References2
GithubExploit
GithubExploit
added 2024/02/27 3:31 a.m.402 views

Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware

CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...

10CVSS9.6AI score0.99938EPSS
Exploits27
OSV
OSV
added 2024/02/20 2:15 a.m.5 views

CVE-2023-6397

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service DoS conditions by downloading a crafted RAR compressed fil...

5.3CVSS5.8AI score0.003EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/01/14 9:7 a.m.66 views

New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks

The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one...

10CVSS9.7AI score0.99988EPSS
Exploits37
BDU FSTEC
BDU FSTEC
added 2023/12/19 12:0 a.m.7 views

The vulnerability of microprogrammed network devices such as ZyXEL USG, USG FLEX, ATP, and VPN lies in the lack of protective measures for the website structure. This allows attackers to execute arbitrary scripts on the vulnerable device.

The vulnerability of the microprogrammed network device software of ZyXEL USG, USG FLEX, ATP, and VPN relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts on the vulnerable device...

9CVSS8.2AI score0.01508EPSS
Exploits0References2Affected Software19
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.7 views

PT-2023-8711 · Zyxel · Wax300H +6

Name of the Vulnerable Software and Affected Versions: ZyXEL USG FLEX versions 4.50 through 5.37 Patch 1 ZyXEL USG FLEX 50W/USG20W-VPN versions 4.16 through 5.37 Patch 1 ZyXEL USG FLEX H versions 1.10 through 1.10 Patch 1 ZyXEL ATP series firmware versions 4.32 through 5.37 Patch 1 NWA50AX firmwa...

8.3CVSS8.1AI score0.01333EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/11/28 12:0 a.m.5 views

Zyxel ATP Security Vulnerability

Zyxel ATP is a firewall from Zyxel, China. Zyxel ATP series 4.32 to 5.37 firmware versions, USG FLEX series 4.50 to 5.37 firmware versions, USG FLEX 50W series 4.16 to 5.37 firmware versions, USG20W-VPN series 4.16 to 5.3 firmware versions, VPN series 4.30 to 5.37 firmware versions, NWA50AX...

5.5CVSS6.5AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/28 12:0 a.m.4 views

Zyxel ATP Security Vulnerability

Zyxel ATP is a firewall from Zyxel, China. A security vulnerability exists in the Zyxel ATP series firmware versions 4.32 to 5.37, USG FLEX series firmware versions 4.50 to 5.37, USG FLEX 50W series firmware versions 4.16 to 5.37, USG20W-VPN series firmware versions 4.16 to 5.3, and VPN series...

5.5CVSS6.5AI score0.00214EPSS
Exploits0References1
Rows per page
Query Builder