CVE-2023-33012
CVE-2023-33012 is a command-injection vulnerability in the configuration parser of Zyxel devices (ATP, USG FLEX/50(W), USG20(W)-VPN, VPN series). The root cause is a flaw in parsing GRE configurations when cloud management mode is enabled, allowing an unauthenticated, LAN-based attacker to execut...
CVE-2023-33011
CVE-2023-33011 corresponds to a format-string vulnerability in Zyxel firmware affecting Zyxel ATP series (5.10–5.36 Patch 2), USG FLEX series (5.00–5.36 Patch 2), USG FLEX 50(W) (5.10–5.36 Patch 2), USG20(W)-VPN (5.10–5.36 Patch 2), and VPN series (5.00–5.36 Patch 2). The flaw permits an unauthen...
CVE-2023-33011
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...
CVE-2023-28767
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50W series firmware versions 5.10 through 5.36, USG20W-VPN series firmware versions 5.10 through 5.36, and VP...
Zyxel ATP Security Vulnerability
Zyxel ATP is a firewall from Zyxel China. A security vulnerability exists in Zyxel ATP ZLD versions V4.32 through V5.36 Patch 2, USG FLEX ZLD versions V4.50 through V5.36 Patch 2, USG FLEX 50W / USG20W-VPN ZLD versions V4.16 through V5.36 Patch 2, VPN ZLD versions V4.30 through V5.36. A security...
Command injection
B2368-22 V100R001C00; B2368-57 V100R001C00; B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this...
Huawei HG532 routers contain a path traversal vulnerability
Overview Huawei HG532 routers, including the HG532e, n, s, and possibly other models, are vulnerable to arbitrary file access through path traversal. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2015-7254 In vulnerable Huawei router models,...
ZTE ZXHN H108N R1A routers contain multiple vulnerabilities
Overview ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.hPE, and ZXV10 W300 router, version W300V1.0.0fER1PE, contain multiple vulnerabilities. Description CWE-200: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials...
Cisco Meraki HTTP Handler Local Information Disclosure Vulnerability
A vulnerability in an HTTP handler in Cisco Meraki firmware occurs because the handler does not require requests to come only from the Meraki cloud. This vulnerability could allow a LAN-based attacker to obtain sensitive credential information. An unauthenticated, remote attacker on an adjacent...
ASPR #2011-02-11-1: Remote Binary Planting in Adobe Reader
PUBLIC. ACROS Security Problem Report 2011-02-11-1. ASPR 2011-02-11-1: Remote Binary Planting in Adobe Reader...