340 matches found
CVE-2022-43466
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program...
Command injection
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program...
CVE-2022-40603
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...
CVE-2022-0734
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that coul...
Authentication flaw
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...
CVE-2022-0910
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...
CVE-2022-0734
CVE-2022-0734 describes a cross-site scripting vulnerability in Zyxel USG/ZyWALL CGI programs across multiple firmware lines (USG/ZyWALL 4.35–4.70, USG FLEX 4.50–5.20, ATP 4.35–5.20, VPN 4.35–5.20). The issue allows a malicious script to access information stored in a user’s browser, such as cook...
Zyxel Multiple Firewalls OS Command Injection Vulnerability
A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device...
Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability
Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify...
CVE-2022-30525
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...
CVE-2022-30525
CVE-2022-30525 is an OS command injection in Zyxel firewall CGI (Zero Touch Provisioning) that allows remote, unauthenticated code execution via /ztp/cgi-bin/handler (nobody user). Affected: USG FLEX series (5.00–5.21 Patch 1), USG FLEX 50W/USG20(W)-VPN (5.10–5.21 Patch 1), ATP series (5.10–5.21 ...
Update now! Zyxel patches critical firewall bypass vulnerability
In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Zyxel is a Taiwanese producer of modems and other networking equipment and its products are sold in over 150 countries. The...
Authentication Bypass Vulnerability in Zyxel Firmware
THREAT LEVEL: Amber. A severe vulnerability, CVE-2022-0342, has been discovered in the firmware of some of Zyxel's business-grade firewall and VPN products, potentially allowing attackers administrator-level access to affected devices. This...
CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...
CVE-2022-0342
CVE-2022-0342 describes an authentication bypass in Zyxel CGI web interfaces across multiple product lines (USG/ZyWALL, USG FLEX, ATP, VPN, NSG) with firmware ranges 4.20–4.70, 4.50–5.20, 4.32–5.20, 4.30–5.20, and 1.20–1.33 Patch 4. The flaw allows bypassing web authentication to obtain administr...