CVE-2023-6764

>= 4.32 and < 5.37

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37

8.1HIGH

CVE-2023-6399

>= 5.10 and < 5.37

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versi

5.7MEDIUM

CVE-2023-6398

>= 4.32 and < 5.37

A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 th

7.2HIGH

CVE-2023-6397

>= 4.32 and < 5.37

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series

6.5MEDIUM

CVE-2023-33010

>= 4.32 and < 5.36

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG

9.8CRITICAL

CVE-2023-33009

>= 4.60 and < 5.36

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG

9.8CRITICAL

CVE-2023-28771

>= 4.60 and < 5.36

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

9.8CRITICAL

CVE-2023-27991

>= 4.32 and < 5.36

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35

8.8HIGH

CVE-2023-27990

>= 4.32 and < 5.36

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware ver

4.8MEDIUM

CVE-2023-22918

>= 4.32 and < 5.36

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.3

6.5MEDIUM

CVE-2023-22917

>= 5.10 and <= 5.32

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG F

7.5HIGH

CVE-2023-22916

>= 5.10 and <= 5.35

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5

8.1HIGH

CVE-2022-38547

>= 4.32 and <= 5.32

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through

7.2HIGH

CVE-2022-40603

>= 4.32 and <= 5.31

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN

4.7MEDIUM

CVE-2022-30526

>= 4.32 and <= 5.30

A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.3

7.8HIGH

CVE-2022-2030

>= 4.32 and <= 5.30

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in so

6.5MEDIUM

CVE-2022-26532

>= 4.32 and <= 5.21

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.7

7.8HIGH

CVE-2022-26531

>= 4.32 and <= 5.21

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 th

6.1MEDIUM

CVE-2022-0910

>= 4.32 and <= 5.21

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL serie

6.5MEDIUM

CVE-2022-0734

>= 4.35 and <= 5.20

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4

5.8MEDIUM

CVE-2022-30525

>= 5.10 and < 5.30

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG

9.8CRITICAL

CVE-2022-0342

>= 4.32 and <= 5.20

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX

9.8CRITICAL

CVE-2020-29583

all versions

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password fo

9.8CRITICAL

CVE-2020-9054

>= 4.35 and < 4.35\(abiq.3\)c0

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection

9.8CRITICAL

CVE-2019-9955

all versions

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, US

6.1MEDIUM