52 matches found
CVE-2024-11667
CVE-2024-11667 involves a directory traversal flaw in Zyxel firewalls' web management interface (ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN) affecting firmware V5.00–V5.38 (and related ranges). The vulnerability could allow an attacker to download or upload files via a crafted URL, with impact t...
CVE-2024-11667
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50W series firmware versions V5.10 through V5.38, and USG20W-VPN series firmware versions V5.10 through...
CVE-2024-42061
A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...
CVE-2024-42057
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-42059
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...
CVE-2024-42060
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-42061
A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...
CVE-2024-42061
CVE-2024-42061 is a documented reflected cross-site scripting (XSS) vulnerability in Zyxel devices. The CGI program \
CVE-2024-42060
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-42060
CVE-2024-42060 is a post-authentication command-injection vulnerability in Zyxel devices, affecting firmware ranges: ATP v4.32–5.38 , USG FLEX v4.50–5.38 , USG FLEX 50(W) v4.16–5.38 , and USG20(W)-VPN v4.16–5.38 . An authenticated administrator can upload a crafted internal user agreement file to...
CVE-2024-42060
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-42059
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50W series firmware versions from V5.00 through V5.38, and USG20W-VPN series firmware versions from V5.00...
CVE-2024-42059
CVE-2024-42059 affects Zyxel devices including ATP series firmware V5.00–V5.38, USG FLEX series V5.00–V5.38, USG FLEX 50(W) V5.00–V5.38, and USG20(W)-VPN V5.00–V5.38. The issue is a post-authentication command-injection vulnerability in the FTP handling that allows an authenticated administrator ...
CVE-2024-42058
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V5.20 through V5.38, and USG20W-VPN series firmware versions from V5.20 through V5.38 cou...
CVE-2024-42058
CVE-2024-42058 is a null pointer dereference vulnerability in Zyxel devices: Zyxel ATP firmware v4.32–v5.38, USG FLEX v4.50–v5.38, USG FLEX 50(W) v5.20–v5.38, and USG20(W)-VPN v5.20–v5.38. It allows an unauthenticated attacker to cause DoS by sending crafted packets, with network attack vector an...
CVE-2024-42057
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16...
CVE-2024-6343
A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...
CVE-2024-6343
CVE-2024-6343 is a buffer overflow in the CGI program of Zyxel ATP/USG firmware (V4.32–V5.38; USG FLEX V4.50–V5.38; USG FLEX 50(W) V4.16–V5.38; USG20(W)-VPN V4.16–V5.38). An authenticated administrator can trigger denial of service by sending a crafted HTTP request to a vulnerable device. The iss...
CVE-2024-6343
A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...
Format string
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN series firmware versions from 4.16 through 5.37...