Usg310_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Usg310_firmware
(Zyxel)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	10

Date	Id	Summary	Products	Score	Patch	Annotated
2022-05-24	CVE-2022-26531	Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version...	Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nap203_firmware, Nap303_firmware, Nap353_firmware, Nsg100_firmware, Nsg300_firmware, Nsg50_firmware, Nwa110ax_firmware, Nwa1123\-Ac\-Hd_firmware, Nwa1123\-Ac\-Pro_firmware, Nwa1123acv3_firmware, Nwa1302\-Ac_firmware, Nwa210ax_firmware, Nwa50ax_firmware, Nwa5123\-Ac\-Hd_firmware, Nwa55axe_firmware, Nwa90ax_firmware, Nxc2500_firmware, Nxc5500_firmware, Usg200_firmware, Usg20_firmware, Usg210_firmware, Usg2200_firmware, Usg300_firmware, Usg310_firmware, Usg_1100_firmware, Usg_110_firmware, Usg_1900_firmware, Usg_20w\-Vpn_firmware, Usg_20w_firmware, Usg_2200\-Vpn_firmware, Usg_310_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Wac500_firmware, Wac500h_firmware, Wac5302d\-S_firmware, Wac5302d\-Sv2_firmware, Wac6103d\-I_firmware, Wac6303d\-S_firmware, Wac6502d\-E_firmware, Wac6502d\-S_firmware, Wac6503d\-S_firmware, Wac6552d\-S_firmware, Wac6553d\-S_firmware, Wax510d_firmware, Wax610d_firmware, Wax630s_firmware, Wax650s_firmware	7.8
2020-12-22	CVE-2020-29583	Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.	Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Zywall1100_firmware, Zywall110_firmware, Zywall310_firmware	9.8
2022-05-24	CVE-2022-26532	A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5)...	Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nap203_firmware, Nap303_firmware, Nap353_firmware, Nsg100_firmware, Nsg300_firmware, Nsg50_firmware, Nwa110ax_firmware, Nwa1123\-Ac\-Hd_firmware, Nwa1123\-Ac\-Pro_firmware, Nwa1123acv3_firmware, Nwa1302\-Ac_firmware, Nwa210ax_firmware, Nwa50ax_firmware, Nwa5123\-Ac\-Hd_firmware, Nwa55axe_firmware, Nwa90ax_firmware, Nxc2500_firmware, Nxc5500_firmware, Usg200_firmware, Usg20_firmware, Usg210_firmware, Usg2200_firmware, Usg300_firmware, Usg310_firmware, Usg_1100_firmware, Usg_110_firmware, Usg_1900_firmware, Usg_20w\-Vpn_firmware, Usg_20w_firmware, Usg_2200\-Vpn_firmware, Usg_310_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Wac500_firmware, Wac500h_firmware, Wac5302d\-S_firmware, Wac5302d\-Sv2_firmware, Wac6103d\-I_firmware, Wac6303d\-S_firmware, Wac6502d\-E_firmware, Wac6502d\-S_firmware, Wac6503d\-S_firmware, Wac6552d\-S_firmware, Wac6553d\-S_firmware, Wax510d_firmware, Wax610d_firmware, Wax630s_firmware, Wax650s_firmware	7.8
2022-05-24	CVE-2022-0734	A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.	Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg200_firmware, Usg20_firmware, Usg210_firmware, Usg2200_firmware, Usg300_firmware, Usg310_firmware, Usg_1100_firmware, Usg_110_firmware, Usg_1900_firmware, Usg_20w\-Vpn_firmware, Usg_20w_firmware, Usg_2200\-Vpn_firmware, Usg_310_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware	6.1
2022-05-24	CVE-2022-0910	A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.	Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg200_firmware, Usg20_firmware, Usg210_firmware, Usg2200_firmware, Usg300_firmware, Usg310_firmware, Usg_1100_firmware, Usg_110_firmware, Usg_1900_firmware, Usg_20w\-Vpn_firmware, Usg_20w_firmware, Usg_2200\-Vpn_firmware, Usg_310_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware	6.5
2021-07-02	CVE-2021-35029	An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.	Usg1000_firmware, Usg100_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg2000_firmware, Usg200_firmware, Usg20\-Vpn_firmware, Usg20_firmware, Usg20w\-Vpn_firmware, Usg20w_firmware, Usg210_firmware, Usg2200\-Vpn_firmware, Usg300_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg50_firmware, Usg60_firmware, Usg60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware, Zywall_atp100_firmware, Zywall_atp100w_firmware, Zywall_atp200_firmware, Zywall_atp500_firmware, Zywall_atp700_firmware, Zywall_atp800_firmware, Zywall_vpn100_firmware, Zywall_vpn300_firmware, Zywall_vpn50_firmware	9.8
2020-03-04	CVE-2020-9054	Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command...	Atp100_firmware, Atp200_firmware, Atp500_firmware, Atp800_firmware, Nas326_firmware, Nas520_firmware, Nas540_firmware, Nas542_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall1100_firmware, Zywall110_firmware, Zywall310_firmware	N/A
2019-06-27	CVE-2019-12583	Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.	Uag2100_firmware, Uag4100_firmware, Uag5100_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg210_firmware, Usg2200\-Vpn_firmware, Usg310_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware, Zywall_vpn100_firmware, Zywall_vpn300_firmware	9.1
2019-06-27	CVE-2019-12581	A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.	Uag2100_firmware, Uag4100_firmware, Uag5100_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg210_firmware, Usg2200\-Vpn_firmware, Usg310_firmware	6.1
2019-04-22	CVE-2019-9955	On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.	Atp200_firmware, Atp500_firmware, Atp800_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200\-Vpn_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware	6.1