Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Atp500_firmware
(Zyxel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 20 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-19 | CVE-2022-30526 | A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_2200\-Vpn_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware | 7.8 | ||
| 2022-12-06 | CVE-2022-40603 | A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 6.1 | ||
| 2022-05-12 | CVE-2022-30525 | A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20w\-Vpn_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 9.8 | ||
| 2022-07-19 | CVE-2022-2030 | A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_2200\-Vpn_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware | 6.5 | ||
| 2022-05-24 | CVE-2022-26532 | A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5)... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nap203_firmware, Nap303_firmware, Nap353_firmware, Nsg100_firmware, Nsg300_firmware, Nsg50_firmware, Nwa110ax_firmware, Nwa1123\-Ac\-Hd_firmware, Nwa1123\-Ac\-Pro_firmware, Nwa1123acv3_firmware, Nwa1302\-Ac_firmware, Nwa210ax_firmware, Nwa50ax_firmware, Nwa5123\-Ac\-Hd_firmware, Nwa55axe_firmware, Nwa90ax_firmware, Nxc2500_firmware, Nxc5500_firmware, Usg200_firmware, Usg20_firmware, Usg210_firmware, Usg2200_firmware, Usg300_firmware, Usg310_firmware, Usg_1100_firmware, Usg_110_firmware, Usg_1900_firmware, Usg_20w\-Vpn_firmware, Usg_20w_firmware, Usg_2200\-Vpn_firmware, Usg_310_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Wac500_firmware, Wac500h_firmware, Wac5302d\-S_firmware, Wac5302d\-Sv2_firmware, Wac6103d\-I_firmware, Wac6303d\-S_firmware, Wac6502d\-E_firmware, Wac6502d\-S_firmware, Wac6503d\-S_firmware, Wac6552d\-S_firmware, Wac6553d\-S_firmware, Wax510d_firmware, Wax610d_firmware, Wax630s_firmware, Wax650s_firmware | 7.8 | ||
| 2022-05-24 | CVE-2022-0734 | A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg200_firmware, Usg20_firmware, Usg210_firmware, Usg2200_firmware, Usg300_firmware, Usg310_firmware, Usg_1100_firmware, Usg_110_firmware, Usg_1900_firmware, Usg_20w\-Vpn_firmware, Usg_20w_firmware, Usg_2200\-Vpn_firmware, Usg_310_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 6.1 | ||
| 2022-05-24 | CVE-2022-0910 | A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg200_firmware, Usg20_firmware, Usg210_firmware, Usg2200_firmware, Usg300_firmware, Usg310_firmware, Usg_1100_firmware, Usg_110_firmware, Usg_1900_firmware, Usg_20w\-Vpn_firmware, Usg_20w_firmware, Usg_2200\-Vpn_firmware, Usg_310_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 6.5 | ||
| 2022-03-28 | CVE-2022-0342 | An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nsg300_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware | 9.8 | ||
| 2020-03-04 | CVE-2020-9054 | Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command... | Atp100_firmware, Atp200_firmware, Atp500_firmware, Atp800_firmware, Nas326_firmware, Nas520_firmware, Nas540_firmware, Nas542_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall1100_firmware, Zywall110_firmware, Zywall310_firmware | N/A | ||
| 2019-04-22 | CVE-2019-9955 | On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. | Atp200_firmware, Atp500_firmware, Atp800_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200\-Vpn_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware | 6.1 |