threat
engine
.sh
Back
·
··:··
Home
/
Product
/
zyxel atp100 firmware
Product
zyxel atp100 firmware
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-6764
>= 4.32 and < 5.37
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37
8.1
HIGH
CVE-2023-6399
>= 5.10 and < 5.37
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versi
5.7
MEDIUM
CVE-2023-6398
>= 4.32 and < 5.37
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 th
7.2
HIGH
CVE-2023-6397
>= 4.32 and < 5.37
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series
6.5
MEDIUM
CVE-2023-33010
>= 4.32 and < 5.36
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG
9.8
CRITICAL
CVE-2023-33009
>= 4.60 and < 5.36
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG
9.8
CRITICAL
CVE-2023-28771
>= 4.60 and < 5.36
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60
9.8
CRITICAL
CVE-2023-27991
>= 4.32 and < 5.36
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35
8.8
HIGH
CVE-2023-27990
>= 4.32 and < 5.36
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware ver
4.8
MEDIUM
CVE-2023-22918
>= 4.32 and < 5.36
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.3
6.5
MEDIUM
CVE-2023-22917
>= 5.10 and <= 5.32
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG F
7.5
HIGH
CVE-2023-22916
>= 5.10 and <= 5.35
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5
8.1
HIGH
CVE-2022-38547
>= 4.32 and <= 5.32
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through
7.2
HIGH
CVE-2022-40603
>= 4.32 and <= 5.31
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN
4.7
MEDIUM
CVE-2022-30526
>= 4.32 and <= 5.30
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.3
7.8
HIGH
CVE-2022-2030
>= 4.32 and <= 5.30
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in so
6.5
MEDIUM
CVE-2022-26532
>= 4.32 and <= 5.21
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.7
7.8
HIGH
CVE-2022-26531
>= 4.32 and <= 5.21
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 th
6.1
MEDIUM
CVE-2022-0910
>= 4.32 and <= 5.21
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL serie
6.5
MEDIUM
CVE-2022-0734
>= 4.35 and <= 5.20
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4
5.8
MEDIUM
CVE-2022-30525
>= 5.10 and < 5.30
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG
9.8
CRITICAL
CVE-2022-0342
>= 4.32 and <= 5.20
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX
9.8
CRITICAL
CVE-2020-29583
all versions
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password fo
9.8
CRITICAL
CVE-2020-9054
>= 4.35 and < 4.35\(abps.3\)c0
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin