Vulnerabilities in Zyxel

165 results
CVE-2021-35033 | HIGH | A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password managem | EPSS 0.4%
CVE-2023-28767 | HIGH | The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX serie | EPSS 0.4%
CVE-2022-40603 | MEDIUM | A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series fir | EPSS 0.4%
CVE-2022-45441 | MEDIUM | A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker t | EPSS 0.4%
CVE-2023-27990 | MEDIUM | The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 | EPSS 0.3%
CVE-2022-0556 | HIGH | A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) | EPSS 0.3%
CVE-2024-1575 | MEDIUM | The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authe | EPSS 0.3%
CVE-2026-7273 | HIGH | A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a | EPSS 0.3%
CVE-2022-34746 | MEDIUM | An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was foun | EPSS 0.3%
CVE-2026-7287 | HIGH | ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and fo | EPSS 0.3%
CVE-2021-35028 | HIGH | A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to ex | EPSS 0.3%
CVE-2023-33011 | HIGH | A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 th | EPSS 0.3%
CVE-2023-6397 | MEDIUM | A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX serie | EPSS 0.3%
CVE-2024-42061 | MEDIUM | A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.3 | EPSS 0.3%
CVE-2022-45854 | MEDIUM | An improper check for unusual conditions in Zyxel NWA110AX firmware versions prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to ca | EPSS 0.3%
CVE-2025-6599 | MEDIUM | An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could | EPSS 0.3%
CVE-2023-28768 | MEDIUM | Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 fir | EPSS 0.3%
CVE-2021-35030 | LOW | A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and c | EPSS 0.3%
CVE-2023-34140 | MEDIUM | A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 | EPSS 0.3%
CVE-2022-45440 | MEDIUM | A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on externa | EPSS 0.2%