93 matches found
CVE-2025-9133
Summary of CVE-2025-9133 (Zyxel devices) Technical details in the connected PT-2025-42828 entry show a missing authorization flaw in Zyxel ATP series, Zyxel USG FLEX series, and Zyxel USG20(W)-VPN devices. The vulnerability arises from insufficient input validation/logic in the CGI interface, spe...
CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
EUVD-2025-35120
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
PT-2025-42828
Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions V4.32 through V5.40 Zyxel USG FLEX series versions V4.50 through V5.40 Zyxel USG FLEX 50W series versions V4.16 through V5.40 Zyxel USG20W-VPN series versions V4.16 through V5.40 Description A missing authorization fl...
VulnCheck KEV: CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...
EUVD-2021-21676
Malware in sbrugna...
EUVD-2023-38241
Malicious code in bioql PyPI...
EUVD-2023-27017
Malicious code in bioql PyPI...
EUVD-2023-27016
Malicious code in bioql PyPI...
EUVD-2025-12140
Malicious code in bioql PyPI...
EUVD-2023-27015
Malicious code in bioql PyPI...
EUVD-2025-12335
Malicious code in bioql PyPI...
EUVD-2023-58231
Malicious code in bioql PyPI...
CVE-2023-22914
A path traversal vulnerability in the “accountprint.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS command...
CVE-2023-5960
An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device...
CVE-2022-40603
A cross-site scripting XSS vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an...
CVE-2020-29583
Firmware version 4.60 of Zyxel USG devices contains an undocumented account zyfwp with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges...
Zyxel USG FLEX H Series Firewall < 1.30 Privilege Escalation
Firmware version of the Zyxel USG is less than uOS 1.30. This means the Zyxel device is vulnerable to a privilege escalation vulnerability. The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series firewalls could allow an authenticated local attacker to...
Zyxel USG FLEX H Series Firewall 1.20 < 1.32 Privilege Escalation
Firmware version of the Zyxel USG is less than uOS 1.32. This means the Zyxel device is vulnerable to mualtiple privilege escalation vulnerability. The incorrect permission assignment vulnerability in the PostgreSQL commands of certain USG FLEX H series uOS firmware versions could allow an...