Vulnerabilities in Zyxel
165 results

CVE-2023-35136 | MEDIUM | EPSS 0.2% | An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX ser
CVE-2024-8882 | MEDIUM | EPSS 0.2% | A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an
CVE-2026-4795 | MEDIUM | EPSS 0.2% | A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00(ACPS.2)C0, GS1200-8v3 firmware versions through 1.0
CVE-2023-4397 | MEDIUM | EPSS 0.2% | A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series
CVE-2022-0823 | MEDIUM | EPSS 0.2% | An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the passwor
CVE-2023-37926 | MEDIUM | EPSS 0.2% | A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through
CVE-2023-37925 | MEDIUM | EPSS 0.2% | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLE
CVE-2023-5960 | MEDIUM | EPSS 0.2% | An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and V
CVE-2023-5593 | HIGH | EPSS 0.2% | The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated
CVE-2023-5650 | MEDIUM | EPSS 0.2% | An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firm
CVE-2026-6058 | MEDIUM | EPSS 0.2% | ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00
CVE-2021-35032 | MEDIUM | EPSS 0.2% | A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbit
CVE-2023-5797 | MEDIUM | EPSS 0.2% | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLE
CVE-2024-38270 | MEDIUM | EPSS 0.2% | An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens gen
CVE-2025-1732 | MEDIUM | EPSS 0.2% | An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlie
CVE-2022-26414 | MEDIUM | EPSS 0.2% | A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, w
CVE-2026-7255 | MEDIUM | EPSS 0.2% | ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface o
CVE-2022-45439 | MEDIUM | EPSS 0.2% | A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0 in cleartext.
CVE-2023-35140 | MEDIUM | EPSS 0.2% | The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated
CVE-2022-45853 | MEDIUM | EPSS 0.2% | The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI