Every CVE whose affected-product data names Zyxel Nas326 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2024-6342 — CVSS 9.8 (critical): **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through…
CVE-2022-34747 — CVSS 9.8 (critical): A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized…
CVE-2023-35138 — CVSS 9.8 (critical): A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0…
CVE-2023-4473 — CVSS 9.8 (critical): A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version…
CVE-2023-4474 — CVSS 9.8 (critical): The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542…
CVE-2024-29972 — CVSS 9.8 (critical): ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions…
CVE-2024-29973 — CVSS 9.8 (critical): ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions…
CVE-2024-29974 — CVSS 9.8 (critical): ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware…
CVE-2019-10633 — CVSS 8.8 (high): An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated…
CVE-2020-13364 — CVSS 8.8 (high): A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0…
CVE-2019-10630 — CVSS 8.8 (high): A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the…
CVE-2023-37927 — CVSS 8.8 (high): The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542…
CVE-2023-37928 — CVSS 8.8 (high): A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542…
CVE-2019-10631 — CVSS 8.8 (high): Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute…
CVE-2020-13365 — CVSS 8.8 (high): Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account…
CVE-2023-35137 — CVSS 7.5 (high): An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542…
CVE-2023-27988 — CVSS 7.2 (high): The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an…
CVE-2023-5372 — CVSS 7.2 (high): The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware…
CVE-2024-29975 — CVSS 6.7 (medium): ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware…
CVE-2019-10632 — CVSS 6.5 (medium): A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged…
CVE-2024-29976 — CVSS 6.5 (medium): ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326…
CVE-2019-10634 — CVSS 5.4 (medium): An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or…