4 matches found
CVE-2022-0910
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...
Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices
Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734 - A cross-site scripting XSS...
CVE-2022-0910
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...
CVE-2022-0910
CVE-2022-0910 describes an authentication-bypass flaw in Zyxel firewall products where an authenticated attacker can downgrade from two-factor to one-factor authentication when connecting to the IPsec VPN server. Affected are Zyxel USG/ZyWALL firmware 4.32–4.71, USG FLEX 4.50–5.21, ATP 4.32–5.21,...