CVE-2021-35029
- EPSS 0.71%
- Published 02.07.2021 11:15:08
- Last modified 21.11.2024 06:11:42
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to...
CVE-2019-12581
- EPSS 55.65%
- Published 27.06.2019 15:15:09
- Last modified 21.11.2024 04:23:08
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
CVE-2019-12583
- EPSS 59.06%
- Published 27.06.2019 14:15:10
- Last modified 21.11.2024 04:23:08
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial ...
CVE-2019-9955
- EPSS 18%
- Published 22.04.2019 20:29:00
- Last modified 21.11.2024 04:52:39
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS ...