34 matches found

RedhatCVE
added 2025/05/23 6:0 a.m. | 2 views

CVE-2023-28771

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...

9.8 CVSS | 7.4 AI score | 0.94346 EPSS
Exploits 8 | References 1

Exploit DB
added 2024/06/14 12:0 a.m. | 428 views

Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)

Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...

9.8 CVSS | 7.4 AI score | 0.94346 EPSS
Exploits 8

0day.today
added 2023/06/12 12:0 a.m. | 532 views

Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange (IKE) packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX...

9.8 CVSS | 7.9 AI score | 0.94346 EPSS
Exploits 8

CISA KEV Catalog
added 2023/05/31 12:0 a.m. | 52 views

Zyxel Multiple Firewalls OS Command Injection Vulnerability

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device...

9.8 CVSS | 7.5 AI score | 0.94346 EPSS
In wild | Exploits 8

Malwarebytes
added 2023/05/26 3:0 p.m. | 75 views

Zyxel patches two critical vulnerabilities

Zyxel has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on the affected Zyxel firewalls. Affected users should...

10 CVSS | 10.5 AI score | 0.94445 EPSS
Exploits 25

The Hacker News
added 2023/05/25 2:43 p.m. | 78 views

Zyxel Issues Critical Security Patches for Firewall and VPN Products

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out ...

9.8 CVSS | 8.6 AI score | 0.94346 EPSS
Exploits 8

NCSC
added 2023/05/25 12:0 a.m. | 3 views

Vulnerabilities fixed in Zyxel firewalls

Zyxel has fixed vulnerabilities in the firmware of firewall series ATP, USG FLEX, VPN and ZyWall/USG. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, and possibly also to execute arbitrary code on the vulnerable system. Zyxel ha...

9.8 CVSS | 7.8 AI score | 0.07316 EPSS
Exploits 0

Prion
added 2023/05/24 1:15 p.m. | 29 views

Buffer overflow

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50W firmware versions 4.60 through 5.36 Patch 1, USG20W-VPN firmware versions 4.60 through 5.36 Patch...

7.5 CVSS | 9.9 AI score | 0.05577 EPSS
Exploits 0 | References 1 | Affected Software 23

Positive Technologies
added 2023/05/24 12:0 a.m. | 3 views

PT-2023-2851

Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions 4.32 through 5.36 Patch 1 Zyxel USG FLEX series versions 4.50 through 5.36 Patch 1 Zyxel USG FLEX 50W versions 4.25 through 5.36 Patch 1 Zyxel USG20W-VPN versions 4.25 through 5.36 Patch 1 Zyxel VPN series versions 4....

10 CVSS | 10 AI score | 0.07316 EPSS
Exploits 0 | References 16

The Hacker News
added 2023/04/28 11:41 a.m. | 191 views

Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now

Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security...

9.8 CVSS | 9.1 AI score | 0.94346 EPSS
Exploits 8

CNNVD
added 2023/04/24 12:0 a.m. | 4 views

Zyxel ZyWALL USG Operating System Command Injection Vulnerability

The Zyxel ZyWALL USG is a network security firewall appliance from China's Heqin Zyxel. An operating system command injection vulnerability exists in Zyxel ZyWALL USG versions 4.60 through 5.35, which stems from improper error message handling. An attacker could exploit this vulnerability to...

9.8 CVSS | 8.8 AI score | 0.94346 EPSS
Exploits 8 | References 4

OSV
added 2023/02/07 2:15 a.m. | 2 views

CVE-2022-38547

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which...

7.2 CVSS | 5.9 AI score
Exploits 0 | References 1

NVD
added 2023/02/07 2:15 a.m. | 15 views

CVE-2022-38547

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which...

7.2 CVSS | 7.1 AI score | 0.01466 EPSS
Exploits 0 | References 1

OSV
added 2022/12/06 2:15 a.m. | 2 views

CVE-2022-40603

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an...

6.1 CVSS | 5.7 AI score | 0.00673 EPSS
Exploits 0 | References 1

CNVD
added 2018/11/13 12:0 a.m. | 2 views

ZyXEL ZyWALL USG Cross-Site Request Forgery Vulnerability

ZyXEL ZyWALL USG is a network security firewall appliance from Hopkins ZyXEL Technology. A cross-site request forgery vulnerability exists in ZyXEL ZyWALL USG version 2.12 AQQ.2 and 3.30 AQQ.7. A remote attacker can exploit this vulnerability by adding user accounts with the help of the 'cmd'...

8.8 CVSS | 8.5 AI score | 0.00138 EPSS
Exploits 1 | References 1

NVD
added 2018/11/10 10:29 p.m. | 20 views

CVE-2017-17550

ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS...

8.8 CVSS | 8.5 AI score | 0.00138 EPSS
Exploits 1 | References 1

OSV
added 2018/11/10 10:29 p.m. | 2 views

CVE-2017-17550

ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS...

8.8 CVSS | 5.8 AI score | 0.00138 EPSS
Exploits 1 | References 1

Prion
added 2018/11/10 10:29 p.m. | 11 views

Cross site request forgery (csrf)

ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS...

6.8 CVSS | 8.4 AI score | 0.00138 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2018/11/10 10:0 p.m. | 15 views

CVE-2017-17550

ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS...

8.5 AI score | 0.00138 EPSS
Exploits 1 | References 1

CNVD
added 2018/08/17 12:0 a.m. | 1 views

ZyXEL ZyWALL/USG Series Device Information Disclosure Vulnerability

ZyXEL ZyWALL/USG is a network security firewall appliance from Hopkins ZyXEL Technology. A security vulnerability exists in the Internet Key Exchange (IKE) handshake implementation used for IPsec-based VPN connections in the ZyXEL ZyWALL/USG series devices. An attacker can exploit the vulnerability...

5.9 CVSS | 5.9 AI score | 0.00273 EPSS
Exploits 0 | References 1