- EPSS 94.42%
- Published 12.05.2022 14:15:07
- Last modified 13.03.2025 16:37:06
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX...
CVE-2022-0342
- EPSS 92.29%
- Published 28.03.2022 13:15:07
- Last modified 21.11.2024 06:38:25
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware version...
- EPSS 94.04%
- Published 22.12.2020 22:15:14
- Last modified 03.04.2025 19:46:18
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server...
- EPSS 94.31%
- Published 04.03.2020 20:15:10
- Last modified 21.03.2025 19:50:32
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyX...
CVE-2019-9955
- EPSS 18%
- Published 22.04.2019 20:29:00
- Last modified 21.11.2024 04:52:39
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS ...