54 matches found
Zyxel多款产品 操作系统命令注入漏洞
Zyxel USG FLEX, among others, are products of the Chinese company Zyxel. Zyxel USG FLEX is a firewall. Zyxel ATP is also a firewall. Zyxel USG FLEX 50W/USG20W-VPN is a series of firewalls. Several Zyxel products have vulnerabilities related to operating system command injection. These...
CVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...
Zyxel ATP series firmware和Zyxel USG FLEX series firmware 安全漏洞
Zyxel ATP series firmware and Zyxel USG FLEX series firmware are both products of the China-based company Zyxel.Zyxel ATP series firmware is a series of firewall firmware.Zyxel USG FLEX series firmware is a series of Zyxel ATP series firmware is a series of firewall firmware. A security...
CVE-2023-22913
A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...
Zyxel USG FLEX H Series Firewall < 1.32 Privilege Escalation
Firmware version of the Zyxel USG is less than uOS 1.32. This means the Zyxel device is vulnerable to a privilege escalation vulnerability. The improper privilege management vulnerability in the recovery function of certain USG FLEX H series uOS firmware versions could allow an authenticated loca...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
Zyxel USG FLEX 安全漏洞
Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX versions prior to V1.32, which stems from improper privilege...
Zyxel USG FLEX 安全漏洞
Zyxel USG FLEX is a firewall from China Hopkins Zyxel. Offering flexible VPN options IPsec, SSL or L2TP, it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel USG FLEX versions prior to V1.32, which stems from improper assignment of...
Vulnerabilities fixed in Zyxel Flex and USG Firewalls
Zyxel has fixed vulnerabilities in the firmware of ATP and USG Flex firewalls. A malicious party can exploit the vulnerabilities to cause a denial-of-service, possibly unpatched execute a limited set of commands on the vulnerable system, or execute arbitrary code in the victim's browser through a...
Zyxel ATP series firmware和Zyxel USG FLEX series firmware 操作系统命令注入漏洞
Zyxel ATP series firmware and Zyxel USG FLEX series firmware are both products of the Chinese company Zyxel.Zyxel ATP series firmware is a series of firewall firmware.Zyxel USG FLEX series firmware is a series of Zyxel ATP series firmware is a series of firewall firmware. An operating system...
Zyxel多款产品 操作系统命令注入漏洞
Zyxel USG20W-VPN and others are products of China Hopkins Zyxel.Zyxel USG20W-VPN is a firewall appliance for use in corporate environments.Zyxel ATP series firmware is a series of firewall firmware.Zyxel USG FLEX series firmware is a series of Zyxel USG FLEX series firmware is a series of securit...
The vulnerability of the IPSec VPN microprogramming software for network devices such as ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, and ATP allows a hacker to execute arbitrary code.
The vulnerability of the IPSec VPN microprogramming software for ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, and ATP is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a sequence of specially crafted...
PT-2024-1936 · Zyxel · Zyxel Usg +1
Name of the Vulnerable Software and Affected Versions: Zyxel USG and Zyxel VPN versions affected versions not specified Description: The issue is related to insufficient validation of incoming requests in the proactor1.2 service /usr/sbin/proactor1.2/pro of Zyxel USG and Zyxel VPN firewall and VP...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...
CVE-2023-6397
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service DoS conditions by downloading a crafted RAR compressed fil...
New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks
The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one...
The vulnerability of microprogrammed network devices such as ZyXEL USG, USG FLEX, ATP, and VPN lies in the lack of protective measures for the website structure. This allows attackers to execute arbitrary scripts on the vulnerable device.
The vulnerability of the microprogrammed network device software of ZyXEL USG, USG FLEX, ATP, and VPN relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts on the vulnerable device...
PT-2023-8711 · Zyxel · Wax300H +6
Name of the Vulnerable Software and Affected Versions: ZyXEL USG FLEX versions 4.50 through 5.37 Patch 1 ZyXEL USG FLEX 50W/USG20W-VPN versions 4.16 through 5.37 Patch 1 ZyXEL USG FLEX H versions 1.10 through 1.10 Patch 1 ZyXEL ATP series firmware versions 4.32 through 5.37 Patch 1 NWA50AX firmwa...
Zyxel ATP Security Vulnerability
Zyxel ATP is a firewall from Zyxel, China. Zyxel ATP series 4.32 to 5.37 firmware versions, USG FLEX series 4.50 to 5.37 firmware versions, USG FLEX 50W series 4.16 to 5.37 firmware versions, USG20W-VPN series 4.16 to 5.3 firmware versions, VPN series 4.30 to 5.37 firmware versions, NWA50AX...
Zyxel ATP Security Vulnerability
Zyxel ATP is a firewall from Zyxel, China. A security vulnerability exists in the Zyxel ATP series firmware versions 4.32 to 5.37, USG FLEX series firmware versions 4.50 to 5.37, USG FLEX 50W series firmware versions 4.16 to 5.37, USG20W-VPN series firmware versions 4.16 to 5.3, and VPN series...