69 matches found
CVE-2025-11730
A post‑authentication command injection vulnerability in the Dynamic DNS DDNS configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...
CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
CVE-2025-8078
CVE-2025-8078 describes a post-authentication command-injection vulnerability in Zyxel devices: Zyxel ATP series firmware v4.32–v5.40, USG FLEX series v4.50–v5.40, USG FLEX 50(W) series v4.16–v5.40, and USG20(W)-VPN series v4.16–v5.40. An authenticated administrator can pass a crafted string as a...
PT-2025-42828
Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions V4.32 through V5.40 Zyxel USG FLEX series versions V4.50 through V5.40 Zyxel USG FLEX 50W series versions V4.16 through V5.40 Zyxel USG20W-VPN series versions V4.16 through V5.40 Description A missing authorization fl...
CVE-2024-42061
A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...
CVE-2024-11667
CVE-2024-11667 involves a directory traversal flaw in Zyxel firewalls' web management interface (ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN) affecting firmware V5.00–V5.38 (and related ranges). The vulnerability could allow an attacker to download or upload files via a crafted URL, with impact t...
CVE-2024-11667
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50W series firmware versions V5.10 through V5.38, and USG20W-VPN series firmware versions V5.10 through...
CVE-2024-42061
A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...
CVE-2024-42061
A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...
CVE-2024-42059
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...
CVE-2024-42059
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...
CVE-2024-42060
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-42057
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-42061
CVE-2024-42061 is a documented reflected cross-site scripting (XSS) vulnerability in Zyxel devices. The CGI program \
CVE-2024-42061
A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...
CVE-2024-42060
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-42060
CVE-2024-42060 is a post-authentication command-injection vulnerability in Zyxel devices, affecting firmware ranges: ATP v4.32–5.38 , USG FLEX v4.50–5.38 , USG FLEX 50(W) v4.16–5.38 , and USG20(W)-VPN v4.16–5.38 . An authenticated administrator can upload a crafted internal user agreement file to...
CVE-2024-42060
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-42059
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...
CVE-2024-42059
CVE-2024-42059 affects Zyxel devices including ATP series firmware V5.00–V5.38, USG FLEX series V5.00–V5.38, USG FLEX 50(W) V5.00–V5.38, and USG20(W)-VPN V5.00–V5.38. The issue is a post-authentication command-injection vulnerability in the FTP handling that allows an authenticated administrator ...