Lucene search
K

17 matches found

CVE
CVE
added 2025/10/21 1:49 a.m.21 views

CVE-2025-8078

CVE-2025-8078 describes a post-authentication command-injection vulnerability in Zyxel devices: Zyxel ATP series firmware v4.32–v5.40, USG FLEX series v4.50–v5.40, USG FLEX 50(W) series v4.16–v5.40, and USG20(W)-VPN series v4.16–v5.40. An authenticated administrator can pass a crafted string as a...

7.2CVSS7.2AI score0.01484EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/03 1:54 a.m.28 views

CVE-2024-42060

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...

7.2CVSS0.01339EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/03 1:28 a.m.23 views

CVE-2024-6343

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...

4.9CVSS0.00605EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/02/29 12:0 a.m.8 views

The vulnerability of the File Transfer Protocol (FTP) implementation in the microprogrammed networking devices of ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP allows a perpetrator to execute arbitrary commands.

The vulnerability of the File Transfer Protocol FTP implementation in microprogrammed network devices such as ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, USG FLEX H, and ATP lies in the lack of measures to neutralize special elements used in operating system commands during the loading of binary...

8.3CVSS7.5AI score0.01333EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/20 1:42 a.m.15 views

CVE-2023-6399

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...

5.7CVSS6.6AI score0.00649EPSS
Exploits0References1
CVE
CVE
added 2024/02/20 1:34 a.m.71 views

CVE-2023-6398

CVE-2023-6398 is a post-authentication command-injection vulnerability in Zyxel devices where the file upload binary can be abused by an authenticated administrator to execute OS commands on the device via FTP. Affected products include ZyXEL ATP series (4.32–5.37 Patch 1), USG FLEX series (4.50–...

7.2CVSS7.2AI score0.01333EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/28 2:15 a.m.21 views

Buffer overflow

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30...

1.7CVSS7.4AI score0.00221EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/28 1:16 a.m.51 views

CVE-2023-35136

CVE-2023-35136 describes an improper input validation vulnerability in the Quagga package across Zyxel devices (ATP series 4.32–5.37; USG FLEX 4.50–5.37; USG FLEX 50(W) 4.16–5.37; USG20(W)-VPN 4.16–5.37; VPN series 4.30–5.37) that could allow an authenticated local attacker to access configuratio...

5.5CVSS5.3AI score0.00243EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.4 views

PT-2023-7251 · Zyxel · Zyxel Usg Flex Series +3

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series version 5.37 Zyxel USG FLEX series version 5.37 Zyxel USG FLEX 50W series version 5.37 Zyxel USG20W-VPN series version 5.37 Description: A buffer overflow issue in the firmware could allow an authenticated local attacker with...

4.6CVSS5.1AI score0.00233EPSS
Exploits0References5
Prion
Prion
added 2023/07/17 6:15 p.m.32 views

Buffer overflow

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50W series firmware versions 4.16 through 5.36 Patch 2, USG20W-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN...

3.3CVSS6.5AI score0.00268EPSS
Exploits0References1Affected Software24
Prion
Prion
added 2023/07/17 6:15 p.m.27 views

Command injection

A command injection vulnerability in the access point AP management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.00 through 5.36 Patch 2, USG20W-VPN series firmware...

5.4CVSS8.1AI score0.00629EPSS
Exploits0References1Affected Software24
Prion
Prion
added 2023/07/17 6:15 p.m.28 views

Command injection

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10...

5.8CVSS8.9AI score0.1014EPSS
Exploits2References1Affected Software22
CVE
CVE
added 2023/07/17 5:56 p.m.53 views

CVE-2023-34141

CVE-2023-34141 affects Zyxel devices (ATP series, USG FLEX series including USG FLEX 50(W), USG20(W)-VPN, VPN series; NXC2500 and NXC5500) with firmware ranges up to 5.36 Patch 2 or 6.10 AAIG/AAOS variants. Description: a command-injection in the access point (AP) management feature could allow a...

8CVSS8.1AI score0.00629EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/17 5:49 p.m.49 views

CVE-2023-34140

CVE-2023-34140 affects Zyxel CAPWAP-based devices (ATP series 4.32–5.36 Patch 2; USG FLEX 4.50–5.36 Patch 2; USG FLEX 50(W) 4.16–5.36 Patch 2; USG20(W)-VPN 4.16–5.36 Patch 2; VPN 4.30–5.36 Patch 2; NXC2500 6.10(AAIG.0–AAIG.3); NXC5500 6.10(AAOS.0–AAOS.4)). A buffer overflow in the CAPWAP daemon a...

6.5CVSS6.5AI score0.00268EPSS
Exploits0References1Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/05 12:0 a.m.48 views

Zyxel Multiple Firewalls Buffer Overflow Vulnerability

Zyxel ATP, USG FLEX, USG FLEX 50W, USG20W-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service DoS conditions and remote code execution on an affected device...

9.8CVSS8.4AI score0.28813EPSS
In wildExploits0
NVD
NVD
added 2023/04/24 5:15 p.m.26 views

CVE-2023-22916

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50W firmware versions 5.10 through 5.35, USG20W-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails ...

8.1CVSS8.1AI score0.00693EPSS
Exploits0References1
0day.today
0day.today
added 2022/05/16 12:0 a.m.355 views

Zyxel Firewall ZTP Unauthenticated Command Injection Exploit

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning ZTP support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler...

9.8CVSS9.3AI score0.99938EPSS
Exploits27
Rows per page
Query Builder