Zyxel

Usg40w Firmware

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2022-38547

  • EPSS 0.45%
  • Veröffentlicht 07.02.2023 02:15:07
  • Zuletzt bearbeitet 21.11.2024 07:16:39

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP seri...

6.1

CVE-2022-40603

  • EPSS 0.96%
  • Veröffentlicht 06.12.2022 02:15:09
  • Zuletzt bearbeitet 21.11.2024 07:21:42

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware...

6.5

CVE-2022-2030

  • EPSS 1.26%
  • Veröffentlicht 19.07.2022 06:15:08
  • Zuletzt bearbeitet 21.11.2024 07:00:12

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 throug...

7.8

CVE-2022-30526

Exploit
  • EPSS 3.89%
  • Veröffentlicht 19.07.2022 06:15:08
  • Zuletzt bearbeitet 21.11.2024 07:02:52

A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firm...

9.8

CVE-2022-0342

  • EPSS 92.29%
  • Veröffentlicht 28.03.2022 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:38:25

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware version...

9.8

CVE-2021-35029

  • EPSS 0.71%
  • Veröffentlicht 02.07.2021 11:15:08
  • Zuletzt bearbeitet 21.11.2024 06:11:42

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to...

10

CVE-2020-29583

Warnung Exploit
  • EPSS 94.04%
  • Veröffentlicht 22.12.2020 22:15:14
  • Zuletzt bearbeitet 03.04.2025 19:46:18

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server...

10

CVE-2020-9054

Warnung Exploit
  • EPSS 94.31%
  • Veröffentlicht 04.03.2020 20:15:10
  • Zuletzt bearbeitet 21.03.2025 19:50:32

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyX...

6.1

CVE-2019-9955

Exploit
  • EPSS 18%
  • Veröffentlicht 22.04.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:39

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS ...