Zyxel vulnerabilities
165 results

CVE-2020-9054 | CRITICAL | EPSS 100.0% | KEV
ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi

CVE-2022-30525 | CRITICAL | EPSS 99.9% | KEV
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 f…

CVE-2023-28771 | CRITICAL | EPSS 99.3% | KEV
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.…

CVE-2024-29972 | CRITICAL | EPSS 89.2%
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions b…

CVE-2024-29973 | CRITICAL | EPSS 86.2%
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5…

CVE-2022-0342 | CRITICAL | EPSS 84.8%
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series fi…

CVE-2023-27992 | CRITICAL | EPSS 84.3% | KEV
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware vers…

CVE-2021-4039 | CRITICAL | EPSS 71.0%
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS com…

CVE-2023-37928 | HIGH | EPSS 60.2%
A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 fi…

CVE-2023-28770 | HIGH | EPSS 57.8%
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to…

CVE-2023-4473 | CRITICAL | EPSS 41.3%
A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(…

CVE-2023-35138 | CRITICAL | EPSS 40.0%
A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NA…

CVE-2023-4474 | CRITICAL | EPSS 29.7%
The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware…

CVE-2023-33010 | CRITICAL | EPSS 28.8% | KEV
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX seri…

CVE-2023-5372 | HIGH | EPSS 28.5%
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versi…

CVE-2023-33009 | CRITICAL | EPSS 28.1% | KEV
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX serie…

CVE-2024-29974 | CRITICAL | EPSS 22.8%
** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versio…

CVE-2024-40891 | HIGH | EPSS 20.5% | KEV
**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel V…

CVE-2024-40890 | HIGH | EPSS 19.3% | KEV
**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B…

CVE-2025-0890 | CRITICAL | EPSS 12.9%
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version…