Zyxel Gateway / Access Point External DNS Request Vulnerability

Some Zyxel Access Points are prone to an information disclosure vulnerability where external DNS requests can be made. This VT has been deprecated and replaced by various device specific VTs. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced...

CVE-2019-9955

Zyxel devices including ATP200/ATP500/ATP800, USG and ZyWALL series (e.g., USG20-VPN/USG1100/USG1900/ ZyWALL 110/310) are affected by CVE-2019-9955. The vulnerability is a reflected Cross-Site Scripting flaw on the security firewall login page caused by unsanitized mp_idx parameter in weblogin.cg...

Cross-Site Scripting Vulnerabilities in Multiple ZyXEL Products

ZyXEL ZyWall 310 and others are products of Taiwan, China-based ZyXEL Corporation.ZyXEL ZyWall 310 is a 310 series VPN firewall appliance.ZyXEL ZyWall 110 is a 110 series VPN firewall appliance.ZyXEL USG1900 is a next-generation unified security gateway appliance. A cross-site scripting...

Zyxel ZyWall 310 ZyWall 110 USG1900 ATP500 USG40 - Login Page Cross-Site Scripting

Zyxel ZyWall 310 ZyWall 110 USG1900 ATP500 USG40 - Login Page Cross-Site Scripting Exploit Title: Reflected XSS on Zyxel login pages Date: 10 Apr 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://www.zyxel.com/us/en/ Version: V4.31 Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG4...