Every CVE whose affected-product data names Zyxel Nas542 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2024-6342 — CVSS 9.8 (critical): **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through…
CVE-2023-35138 — CVSS 9.8 (critical): A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0…
CVE-2023-4473 — CVSS 9.8 (critical): A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version…
CVE-2023-4474 — CVSS 9.8 (critical): The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542…
CVE-2024-29972 — CVSS 9.8 (critical): ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions…
CVE-2024-29973 — CVSS 9.8 (critical): ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions…
CVE-2024-29974 — CVSS 9.8 (critical): ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware…
CVE-2023-37927 — CVSS 8.8 (high): The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542…
CVE-2020-13364 — CVSS 8.8 (high): A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0…
CVE-2020-13365 — CVSS 8.8 (high): Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account…
CVE-2023-37928 — CVSS 8.8 (high): A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542…
CVE-2023-35137 — CVSS 7.5 (high): An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542…
CVE-2023-5372 — CVSS 7.2 (high): The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware…
CVE-2023-27988 — CVSS 7.2 (high): The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an…
CVE-2024-29975 — CVSS 6.7 (medium): ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware…
CVE-2024-29976 — CVSS 6.5 (medium): ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326…