Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting

ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks. id: CVE-2021-46387 info: name: Zyxel ZyWALL 2...

Zyxel ZyWall UAG/USG - Account Creation Access

Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks. id: CVE-2019-12583 info: name: Zyxel ZyWall UAG/USG - Account Creation...

VulnCheck KEV: CVE-2022-0342

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...

EUVD-2004-1783

Malware in sbrugna...

EUVD-2008-2164

Malware in sbrugna...

EUVD-2007-4301

Malware in sbrugna...

EUVD-2007-4299

Malware in sbrugna...

EUVD-2021-21676

Malware in sbrugna...

EUVD-2017-8710

Malware in sbrugna...

EUVD-2007-4302

Malware in sbrugna...

EUVD-2002-0435

Malware in sbrugna...

EUVD-2007-4300

Malware in sbrugna...

CVE-2023-28771

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...

CVE-2022-40603

A cross-site scripting XSS vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an...

CVE-2022-26532

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series...

Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)

Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...

Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange IKE packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX...

Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution

This module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange IKE packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware versio...

Zyxel NAS < 5.21 / USG < 4.35 / ATP < 4.35 / VPN < 4.35 / ZyWALL < 4.35 RCE (CVE-2020-9054)

Firmware version of the Zyxel USG, ATP, ZyWALL or VPN is less than 4.35 or the version of Zyxel NAS is less than 5.21. This Zyxel device firmware is missing authentication logic which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an...

Zyxel Multiple Firewalls Buffer Overflow Vulnerability

Zyxel ATP, USG FLEX, USG FLEX 50W, USG20W-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service DoS conditions and remote code execution on an affected device...