Product:

Usg_flex_100w_firmware

(Zyxel)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 29
Date Id Summary Products Score Patch Annotated
2023-04-24 CVE-2023-27991 The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely. Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg_20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware 8.8
2023-04-24 CVE-2023-22918 A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version... Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nap203_firmware, Nap303_firmware, Nap353_firmware, Nwa110ax_firmware, Nwa1123\-Ac\-Pro_firmware, Nwa1123\-Ac_hd_firmware, Nwa1123acv3_firmware, Nwa210ax_firmware, Nwa220ax\-6e_firmware, Nwa50ax\-Pro_firmware, Nwa50ax_firmware, Nwa5123\-Ac_hd_firmware, Nwa55axe_firmware, Nwa90ax\-Pro_firmware, Nwa90ax_firmware, Usg20\-Vpn_firmware, Usg_20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Wac500_firmware, Wac500h_firmware, Wac5302d\-Sv2_firmware, Wac6103d\-I_firmware, Wac6303d\-S_firmware, Wac6502d\-E_firmware, Wac6502d\-S_firmware, Wac6503d\-S_firmware, Wac6552d\-S_firmware, Wac6553d\-E_firmware, Wax510d_firmware, Wax610d_firmware, Wax620d\-6e_firmware, Wax630s_firmware, Wax640s\-6e_firmware, Wax650s_firmware, Wax655e_firmware 6.5
2023-04-25 CVE-2023-28771 Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device. Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall_usg_100_firmware, Zywall_usg_310_firmware 9.8
2023-05-24 CVE-2023-33010 A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service... Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg_20w\-Vpn_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware 9.8
2023-04-24 CVE-2023-22913 A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device. Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware 8.1
2023-04-24 CVE-2023-22914 A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled. Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware 7.2
2023-04-24 CVE-2023-22916 The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the... Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg_20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware 8.1
2023-04-24 CVE-2023-22915 A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device. Usg_20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware 7.5
2023-04-24 CVE-2023-22917 A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file. Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg_20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware 7.5
2023-02-07 CVE-2022-38547 A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands. Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware 7.2