31 matches found
CVE-2023-34141
A command injection vulnerability in the access point AP management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.00 through 5.36 Patch 2, USG20W-VPN series firmware...
CVE-2023-34141
A command injection vulnerability in the access point AP management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.00 through 5.36 Patch 2, USG20W-VPN series firmware...
CVE-2023-34140
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50W series firmware versions 4.16 through 5.36 Patch 2, USG20W-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN...
CVE-2023-34139
A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affecte...
CVE-2023-33012
CVE-2023-33012 is a command-injection vulnerability in the configuration parser of Zyxel devices (ATP, USG FLEX/50(W), USG20(W)-VPN, VPN series). The root cause is a flaw in parsing GRE configurations when cloud management mode is enabled, allowing an unauthenticated, LAN-based attacker to execut...
CVE-2023-33011
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...
CVE-2023-33011
CVE-2023-33011 corresponds to a format-string vulnerability in Zyxel firmware affecting Zyxel ATP series (5.10–5.36 Patch 2), USG FLEX series (5.00–5.36 Patch 2), USG FLEX 50(W) (5.10–5.36 Patch 2), USG20(W)-VPN (5.10–5.36 Patch 2), and VPN series (5.00–5.36 Patch 2). The flaw permits an unauthen...
CVE-2023-28767
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50W series firmware versions 5.10 through 5.36, USG20W-VPN series firmware versions 5.10 through 5.36, and VP...
CVE-2023-28767
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50W series firmware versions 5.10 through 5.36, USG20W-VPN series firmware versions 5.10 through 5.36, and VP...
ZTE ZXHN H108N R1A routers contain multiple vulnerabilities
Overview ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.hPE, and ZXV10 W300 router, version W300V1.0.0fER1PE, contain multiple vulnerabilities. Description CWE-200: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials...
Cisco Meraki HTTP Handler Local Information Disclosure Vulnerability
A vulnerability in an HTTP handler in Cisco Meraki firmware occurs because the handler does not require requests to come only from the Meraki cloud. This vulnerability could allow a LAN-based attacker to obtain sensitive credential information. An unauthenticated, remote attacker on an adjacent...