51 matches found
VulnCheck KEV: CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...
EUVD-2017-8710
Malware in sbrugna...
EUVD-2007-4300
Malware in sbrugna...
EUVD-2002-0435
Malware in sbrugna...
EUVD-2007-4302
Malware in sbrugna...
EUVD-2007-4301
Malware in sbrugna...
EUVD-2007-4299
Malware in sbrugna...
CVE-2022-40603
A cross-site scripting XSS vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an...
PT-2023-2851
Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions 4.32 through 5.36 Patch 1 Zyxel USG FLEX series versions 4.50 through 5.36 Patch 1 Zyxel USG FLEX 50W versions 4.25 through 5.36 Patch 1 Zyxel USG20W-VPN versions 4.25 through 5.36 Patch 1 Zyxel VPN series versions 4....
The vulnerability of microprogrammed software in network devices such as Zyxel ZyWALL/USG, VPN, USG FLEX, ATP allows a perpetrator to execute arbitrary commands.
The vulnerability of Zyxel ZyWALL/USG, VPN, USG FLEX, and ATP network devices exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2023-28771
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...
Zyxel ZyWALL USG 操作系统命令注入漏洞
The Zyxel ZyWALL USG is a network security firewall appliance from China's Heqin Zyxel. An operating system command injection vulnerability exists in Zyxel ZyWALL USG versions 4.60 through 5.35, which stems from improper error message handling. An attacker could exploit this vulnerability to...
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting Vulnerability
Exploit Title: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting XSS Exploit Author: Momen Eldawakhly CyberGuy Vendor Homepage: https://www.zyxel.com Version: ZyWALL 2 Plus Tested on: Ubuntu Linux Firefox CVE : CVE-2021-46387 GET...
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS)
Exploit Title: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting XSS Date: 1/3/2022 Exploit Author: Momen Eldawakhly CyberGuy Vendor Homepage: https://www.zyxel.com Version: ZyWALL 2 Plus Tested on: Ubuntu Linux Firefox CVE : CVE-2021-46387 GET...
CVE-2021-46387
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting XSS. Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard...
Zyxel Zywall310跨站脚本漏洞
A cross-site scripting vulnerability exists in Zyxel ZyWALL 2 Plus, a firewall appliance for corporate environments from Zyxel China, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to be able to execute arbitrary...
CVE-2019-12581
A reflective Cross-site scripting XSS vulnerability in the freetimefailed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter...
ZyXEL ZyWALL USG Cross-Site Request Forgery Vulnerability
ZyXEL ZyWALL USG is a network security firewall appliance from Hopkins ZyXEL Technology. A cross-site request forgery vulnerability exists in ZyXEL ZyWALL USG version 2.12 AQQ.2 and 3.30 AQQ.7. A remote attacker can exploit this vulnerability by adding user accounts with the help of the 'cmd'...
CVE-2017-17550
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS...
CVE-2017-17550
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS...