Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2023/06/07 12:0 a.m.45 views

Zyxel NAS < 5.21 / USG < 4.35 / ATP < 4.35 / VPN < 4.35 / ZyWALL < 4.35 RCE (CVE-2020-9054)

Firmware version of the Zyxel USG, ATP, ZyWALL or VPN is less than 4.35 or the version of Zyxel NAS is less than 5.21. This Zyxel device firmware is missing authentication logic which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an...

10CVSS8.8AI score0.99988EPSS
Exploits2References2
Prion
Prion
added 2022/05/12 2:15 p.m.29 views

Command injection

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...

10CVSS9.7AI score0.99938EPSS
Exploits27References5Affected Software16
Krebs on Security
Krebs on Security
added 2020/03/20 2:46 p.m.83 views

Zyxel Flaw Powers New Mirai IoT Botnet Strain

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited ...

10CVSS9.4AI score0.99988EPSS
Exploits2
ThreatPost
ThreatPost
added 2020/03/20 1:27 p.m.70 views

New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage NAS devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection...

10CVSS10AI score0.99988EPSS
Exploits2References22
ThreatPost
ThreatPost
added 2020/03/20 1:27 p.m.42 views

New Mirai Variant 'Mukashi' Targets Zyxel NAS Devices

Another variant of the shape-shifting Mirai botnet is attacking Zyxel network-attached storage NAS devices using a critical vulnerability that was only recently discovered, according to security researchers. The variant, dubbed Mukashi, takes advantage of a pre-authentication command injection...

10CVSS10AI score0.99988EPSS
Exploits2References22
CVE
CVE
added 2020/03/04 7:30 p.m.1270 views

CVE-2020-9054

CVE-2020-9054 (ZyXEL NAS) affects ZyXEL NAS devices on firmware v5.21 and earlier (NAS326, NAS520, NAS540, NAS542) where the weblogin.cgi authentication path fails to sanitize the username, enabling pre-authentication command injection. The vulnerability can allow an unauthenticated remote attack...

10CVSS10AI score0.99988EPSS
In wildExploits2References6Affected Software1
Check Point Advisories
Check Point Advisories
added 2020/02/26 12:0 a.m.15 views

ZyXEL NAS Command Injection (CVE-2020-9054)

A command injection vulnerability exists in Multiple ZyXEL network-attached storage NAS devices. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.7AI score0.99988EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2020/02/26 12:0 a.m.62 views

VU#498544 ZyXEL pre-authentication command injection in weblogin.cgi

” Multiple ZyXEL devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Multiple ZyXEL devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to...

10CVSS10.4AI score0.99988EPSS
Exploits2References5
Rows per page
Query Builder