CVE-2023-6764

>= 4.50 and < 5.37

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37

8.1HIGH

CVE-2023-6399

>= 5.10 and < 5.37

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versi

5.7MEDIUM

CVE-2023-6398

>= 4.50 and < 5.37

A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 th

7.2HIGH

CVE-2023-6397

>= 4.50 and < 5.37

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series

6.5MEDIUM

CVE-2023-34141

>= 5.00 and < 5.37

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 throu

8.0HIGH

CVE-2023-34140

>= 4.50 and < 5.37

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware vers

6.5MEDIUM

CVE-2023-34139

>= 4.50 and < 5.37

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 throug

8.8HIGH

CVE-2023-34138

>= 4.60 and < 5.37

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Pa

8.0HIGH

CVE-2023-33012

>= 5.00 and < 5.37

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2,

8.8HIGH

CVE-2023-33011

>= 5.00 and < 5.37

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versio

8.8HIGH

CVE-2023-28767

>= 5.00 and < 5.37

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG

8.8HIGH

CVE-2023-33010

all versions

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG

9.8CRITICAL

CVE-2023-33009

>= 4.60 and < 5.36

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG

9.8CRITICAL

CVE-2023-28771

>= 4.60 and < 5.36

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

9.8CRITICAL

CVE-2023-27991

>= 4.50 and < 5.36

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35

8.8HIGH

CVE-2023-27990

>= 4.50 and < 5.36

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware ver

4.8MEDIUM

CVE-2023-22918

>= 4.50 and < 5.36

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.3

6.5MEDIUM

CVE-2023-22917

>= 5.00 and <= 5.32

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG F

7.5HIGH

CVE-2023-22916

>= 5.00 and <= 5.35

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5

8.1HIGH

CVE-2023-22915

>= 4.50 and <= 5.35

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 throug

7.5HIGH

CVE-2023-22914

>= 4.50 and <= 5.35

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through

7.2HIGH

CVE-2023-22913

>= 4.50 and <= 5.35

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmw

8.1HIGH

CVE-2022-38547

>= 4.50 and <= 5.32

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through

7.2HIGH

CVE-2022-40603

>= 4.50 and <= 5.31

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN

4.7MEDIUM

CVE-2022-30526

>= 4.50 and <= 5.30

A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.3

7.8HIGH

CVE-2022-2030

>= 4.50 and <= 5.30

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in so

6.5MEDIUM

CVE-2022-26532

>= 4.50 and <= 5.21

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.7

7.8HIGH

CVE-2022-26531

>= 4.50 and <= 5.21

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 th

6.1MEDIUM

CVE-2022-0910

>= 4.50 and <= 5.21

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL serie

6.5MEDIUM

CVE-2022-0734

>= 4.50 and <= 5.20

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4

5.8MEDIUM

CVE-2022-30525

>= 5.00 and < 5.30

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG

9.8CRITICAL

CVE-2022-0342

>= 4.50 and <= 5.20

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX

9.8CRITICAL

CVE-2021-35029

>= 4.35 and <= 5.01

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 th

9.8CRITICAL

CVE-2020-29583

all versions

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password fo

9.8CRITICAL