CVE-2021-35029 — CVSS 9.8 (critical): An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through…
CVE-2022-0342 — CVSS 9.8 (critical): An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series…
CVE-2023-27991 — CVSS 8.8 (high): The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG…
CVE-2023-28767 — CVSS 8.8 (high): The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX…
CVE-2023-33011 — CVSS 8.8 (high): A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00…
CVE-2023-33012 — CVSS 8.8 (high): A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX…
CVE-2023-34139 — CVSS 8.8 (high): A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36…
CVE-2023-6764 — CVSS 8.1 (high): A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1…
CVE-2023-22916 — CVSS 8.1 (high): The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG…
CVE-2023-22913 — CVSS 8.1 (high): A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware…
CVE-2023-34138 — CVSS 8.0 (high): A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2…
CVE-2023-34141 — CVSS 8.0 (high): A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36…
CVE-2022-26532 — CVSS 7.8 (high): A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG…
CVE-2023-22915 — CVSS 7.5 (high): A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35…
CVE-2023-22917 — CVSS 7.5 (high): A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX…
CVE-2022-38547 — CVSS 7.2 (high): A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72…
CVE-2023-22914 — CVSS 7.2 (high): A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and…
CVE-2023-6398 — CVSS 7.2 (high): A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through…
CVE-2023-6397 — CVSS 6.5 (medium): A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware…
CVE-2023-22918 — CVSS 6.5 (medium): A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG…
CVE-2022-0910 — CVSS 6.5 (medium): A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series…
CVE-2023-34140 — CVSS 6.5 (medium): A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50…
CVE-2022-26531 — CVSS 6.1 (medium): Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through…
CVE-2022-0734 — CVSS 5.8 (medium): A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG…
CVE-2023-6399 — CVSS 5.7 (medium): A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from…
CVE-2023-27990 — CVSS 4.8 (medium): The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions…