51 matches found

ATTACKERKB
added last week | 7 views

CVE-2026-49195

Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...

CVSS 8.7 | AI score 6.1 | EPSS 0.00023
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-37235

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00225
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-49453

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.6 | EPSS 0.00168
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-38240

Malicious code in bioql PyPI...

CVSS 8 | AI score 7.8 | EPSS 0.00131
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-38243

Malicious code in bioql PyPI...

CVSS 8 | AI score 7.8 | EPSS 0.00131
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-49454

Malicious code in bioql PyPI...

CVSS 4.5 | AI score 6.6 | EPSS 0.00095
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:22 a.m. | 4 views

CVE-2023-34139

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affecte...

CVSS 8.8 | AI score 7.9 | EPSS 0.00186
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:3 a.m. | 7 views

CVE-2023-33011

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...

CVSS 8.8 | AI score 7.4 | EPSS 0.00137
Exploits: 0 | References: 1
NVD
added 2024/11/12 2:15 a.m. | 19 views

CVE-2024-8881

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by...

CVSS 6.8 | EPSS 0.00168
Exploits: 0 | References: 1
Vulnrichment
added 2024/11/12 1:23 a.m. | 12 views

CVE-2024-8882

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL...

CVSS 4.5 | AI score 7.2 | EPSS 0.00095
Exploits: 0 | References: 1
CVE
added 2024/11/12 1:17 a.m. | 56 views

CVE-2024-8881

CVE-2024-8881 describes a post-authentication command-injection in the CGI component of Zyxel GS1900-48 switches. Affected firmware: V2.80(AAHN.1)C0 and earlier. Exploitation requires an authenticated attacker with administrator privileges on the LAN, who can send a crafted HTTP request to execut...

CVSS 6.8 | AI score 7.8 | EPSS 0.00168
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2024/09/10 2:15 a.m. | 11 views

CVE-2024-38270

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid...

CVSS 6.5 | EPSS 0.00225
Exploits: 0 | References: 1
Vulnrichment
added 2024/09/10 1:20 a.m. | 12 views

CVE-2024-38270

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid...

CVSS 5.3 | AI score 7.5 | EPSS 0.00225
Exploits: 0 | References: 1
CVE
added 2024/09/10 1:20 a.m. | 49 views

CVE-2024-38270

The CVE-2024-38270 entry concerns Zyxel GS1900-10HP firmware v2.80(AAZI.0)C0. The root cause is the improper use of a randomness function with low entropy to generate web authentication tokens. This enables a LAN-based attacker, under the condition that multiple authenticated sessions are active,...

CVSS 6.5 | AI score 7.5 | EPSS 0.00225
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2024/02/20 2:15 a.m. | 13 views

CVE-2023-6397

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed fil...

CVSS 6.5 | AI score 6.3 | EPSS 0.00129
Exploits: 0 | References: 1
Prion
added 2024/02/20 2:15 a.m. | 15 views

Null pointer dereference

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed fil...

CVSS 3.3 | AI score 7.2 | EPSS 0.00129
Exploits: 0 | References: 1
Vulnrichment
added 2024/02/20 1:19 a.m. | 13 views

CVE-2023-6397

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed fil...

CVSS 6.5 | AI score 6.8 | EPSS 0.00129
Exploits: 0 | References: 1
Cvelist
added 2024/02/20 1:19 a.m. | 12 views

CVE-2023-6397

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed fil...

CVSS 6.5 | AI score 6.5 | EPSS 0.00129
Exploits: 0 | References: 1
NVD
added 2023/11/28 2:15 a.m. | 12 views

CVE-2023-35139

A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50W series firmware versions 5.10 through 5.37, USG20W-VPN series firmware versions 5.10 through 5.37, and VPN...

CVSS 6.1 | EPSS 0.00154
Exploits: 0 | References: 1
NVD
added 2023/08/14 5:15 p.m. | 9 views

CVE-2023-28768

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80ABXN.1, XMG1930-30 firmware version V4.80ACAR.1, and XS1930-10 firmware version V4.80ABQE.1 could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected...

CVSS 6.5 | AI score 6.5 | EPSS 0.00122
Exploits: 0 | References: 1