14 matches found
CVE-2024-42060
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-6343
A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...
CVE-2023-6399
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...
CVE-2023-6398
CVE-2023-6398 is a post-authentication command-injection vulnerability in Zyxel devices where the file upload binary can be abused by an authenticated administrator to execute OS commands on the device via FTP. Affected products include ZyXEL ATP series (4.32–5.37 Patch 1), USG FLEX series (4.50–...
Buffer overflow
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30...
CVE-2023-35136
CVE-2023-35136 describes an improper input validation vulnerability in the Quagga package across Zyxel devices (ATP series 4.32–5.37; USG FLEX 4.50–5.37; USG FLEX 50(W) 4.16–5.37; USG20(W)-VPN 4.16–5.37; VPN series 4.30–5.37) that could allow an authenticated local attacker to access configuratio...
PT-2023-7251 · Zyxel · Zyxel Usg Flex Series +3
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series version 5.37 Zyxel USG FLEX series version 5.37 Zyxel USG FLEX 50W series version 5.37 Zyxel USG20W-VPN series version 5.37 Description: A buffer overflow issue in the firmware could allow an authenticated local attacker with...
Command injection
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10...
Buffer overflow
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50W series firmware versions 4.16 through 5.36 Patch 2, USG20W-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN...
Command injection
A command injection vulnerability in the access point AP management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.00 through 5.36 Patch 2, USG20W-VPN series firmware...
CVE-2023-34141
CVE-2023-34141 affects Zyxel devices (ATP series, USG FLEX series including USG FLEX 50(W), USG20(W)-VPN, VPN series; NXC2500 and NXC5500) with firmware ranges up to 5.36 Patch 2 or 6.10 AAIG/AAOS variants. Description: a command-injection in the access point (AP) management feature could allow a...
CVE-2023-34140
CVE-2023-34140 affects Zyxel CAPWAP-based devices (ATP series 4.32–5.36 Patch 2; USG FLEX 4.50–5.36 Patch 2; USG FLEX 50(W) 4.16–5.36 Patch 2; USG20(W)-VPN 4.16–5.36 Patch 2; VPN 4.30–5.36 Patch 2; NXC2500 6.10(AAIG.0–AAIG.3); NXC5500 6.10(AAOS.0–AAOS.4)). A buffer overflow in the CAPWAP daemon a...
Zyxel Multiple Firewalls Buffer Overflow Vulnerability
Zyxel ATP, USG FLEX, USG FLEX 50W, USG20W-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service DoS conditions and remote code execution on an affected device...
CVE-2023-22916
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50W firmware versions 5.10 through 5.35, USG20W-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails ...