Zyxel Vulnerabilities
165 results

CVE-2024-7261 | CRITICAL | The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4 | EPSS 11.3%
CVE-2023-33012 | HIGH | A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX | EPSS 10.1%
CVE-2024-29976 | MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware v | EPSS 9.0%
CVE-2025-3577 | MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00 | EPSS 9.0%
CVE-2022-0734 | MEDIUM | A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG F | EPSS 8.4%
CVE-2022-26531 | MEDIUM | Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71 | EPSS 5.8%
CVE-2025-9133 | HIGH | A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from | EPSS 5.5%
CVE-2023-28769 | CRITICAL | The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5. | EPSS 5.4%
CVE-2017-3216 | — | WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote | EPSS 5.2%
CVE-2022-26532 | HIGH | An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLE | EPSS 4.8%
CVE-2024-8234 | HIGH | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the | EPSS 4.4%
CVE-2018-1164 | — | This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router | EPSS 4.2%
CVE-2024-11667 | HIGH | A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX seri | EPSS 3.0% | KEV
CVE-2022-38547 | HIGH | A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN | EPSS 2.8%
CVE-2021-35029 | CRITICAL | An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 | EPSS 2.3%
CVE-2024-6342 | CRITICAL | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AA | EPSS 2.1%
CVE-2021-35027 | HIGH | A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access | EPSS 2.0%
CVE-2025-11848 | MEDIUM | A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 | EPSS 1.8%
CVE-2023-37927 | HIGH | The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware | EPSS 1.8%
CVE-2025-11847 | MEDIUM | A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 | EPSS 1.7%