Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Usg20\-Vpn_firmware
(Zyxel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-04 | CVE-2020-9054 | Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command... | Atp100_firmware, Atp200_firmware, Atp500_firmware, Atp800_firmware, Nas326_firmware, Nas520_firmware, Nas540_firmware, Nas542_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall1100_firmware, Zywall110_firmware, Zywall310_firmware | 9.8 | ||
| 2020-12-22 | CVE-2020-29583 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall1100_firmware, Zywall110_firmware, Zywall310_firmware | 9.8 | ||
| 2023-05-24 | CVE-2023-33009 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS)... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg_20w\-Vpn_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | N/A | ||
| 2023-05-24 | CVE-2023-33010 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg_20w\-Vpn_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 9.8 | ||
| 2024-02-20 | CVE-2023-6398 | A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nwa110ax_firmware, Nwa1123acv3_firmware, Nwa210ax_firmware, Nwa220ax\-6e_firmware, Nwa50ax\-Pro_firmware, Nwa50ax_firmware, Nwa55axe_firmware, Nwa90ax\-Pro_firmware, Nwa90ax_firmware, Uos, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100ax_firmware, Usg_flex_100h_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_200h_firmware, Usg_flex_200hp_firmware, Usg_flex_500_firmware, Usg_flex_500h_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Usg_flex_700h_firmware, Wac500_firmware, Wac500h_firmware, Wax300h_firmware, Wax510d_firmware, Wax610d_firmware, Wax620d\-6e_firmware, Wax630s_firmware, Wax640s\-6e_firmware, Wax650s_firmware, Wax655e_firmware, Wbe660s_firmware | N/A |