443 matches found
CVE-2025-11730
A post‑authentication command injection vulnerability in the Dynamic DNS DDNS configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...
CVE-2025-9133
Summary of CVE-2025-9133 (Zyxel devices) Technical details in the connected PT-2025-42828 entry show a missing authorization flaw in Zyxel ATP series, Zyxel USG FLEX series, and Zyxel USG20(W)-VPN devices. The vulnerability arises from insufficient input validation/logic in the CGI interface, spe...
CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
EUVD-2025-35120
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
CVE-2025-8078
CVE-2025-8078 describes a post-authentication command-injection vulnerability in Zyxel devices: Zyxel ATP series firmware v4.32–v5.40, USG FLEX series v4.50–v5.40, USG FLEX 50(W) series v4.16–v5.40, and USG20(W)-VPN series v4.16–v5.40. An authenticated administrator can pass a crafted string as a...
PT-2025-42828
Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions V4.32 through V5.40 Zyxel USG FLEX series versions V4.50 through V5.40 Zyxel USG FLEX 50W series versions V4.16 through V5.40 Zyxel USG20W-VPN series versions V4.16 through V5.40 Description A missing authorization fl...
VulnCheck KEV: CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...
EUVD-2016-9125
Malware in sbrugna...
EUVD-2020-30042
Malware in sbrugna...
EUVD-2021-21676
Malware in sbrugna...
EUVD-2016-9124
Malware in sbrugna...
EUVD-2017-8323
Malware in sbrugna...
EUVD-2020-21674
Malware in sbrugna...