Every CVE whose affected-product data names Zyxel Zld, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2020-25014 — CVSS 9.8 (critical): A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to…
CVE-2025-9133 — CVSS 8.1 (high): A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions…
CVE-2024-42057 — CVSS 8.1 (high): A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series…
CVE-2024-42058 — CVSS 7.5 (high): A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions…
CVE-2023-4398 — CVSS 7.5 (high): An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware…
CVE-2024-7203 — CVSS 7.2 (high): A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series…
CVE-2025-8078 — CVSS 7.2 (high): A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series…
CVE-2020-29299 — CVSS 7.2 (high): Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects…
CVE-2024-42059 — CVSS 7.2 (high): A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series…
CVE-2024-42060 — CVSS 7.2 (high): A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series…
CVE-2024-42061 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from…
CVE-2023-35136 — CVSS 5.5 (medium): An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG…
CVE-2023-37925 — CVSS 5.5 (medium): An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG…
CVE-2023-37926 — CVSS 5.5 (medium): A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through…
CVE-2023-5650 — CVSS 5.5 (medium): An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series…
CVE-2023-5797 — CVSS 5.5 (medium): An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG…
CVE-2023-5960 — CVSS 5.5 (medium): An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and…
CVE-2023-35139 — CVSS 5.2 (medium): A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series…
CVE-2024-6343 — CVSS 4.9 (medium): A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware…
CVE-2023-4397 — CVSS 4.4 (medium): A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series…