CVE-2023-6764

>= 4.16 and < 5.37

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37

8.1HIGH

CVE-2023-6399

>= 5.10 and < 5.37

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versi

5.7MEDIUM

CVE-2023-6398

>= 4.16 and < 5.37

A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 th

7.2HIGH

CVE-2023-6397

>= 4.50 and < 5.37

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series

6.5MEDIUM

CVE-2023-34141

>= 5.00 and < 5.37

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 throu

8.0HIGH

CVE-2023-34140

>= 4.50 and < 5.37

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware vers

6.5MEDIUM

CVE-2023-34139

>= 4.50 and < 5.37

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 throug

8.8HIGH

CVE-2023-34138

>= 4.60 and < 5.37

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Pa

8.0HIGH

CVE-2023-33012

>= 5.00 and < 5.37

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2,

8.8HIGH

CVE-2023-33011

>= 5.00 and < 5.37

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versio

8.8HIGH

CVE-2023-28767

>= 5.00 and < 5.37

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG

8.8HIGH

CVE-2023-33010

all versions

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG

9.8CRITICAL

CVE-2023-33009

>= 4.60 and < 5.36

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG

9.8CRITICAL

CVE-2023-28771

>= 4.60 and < 5.36

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

9.8CRITICAL

CVE-2023-27991

>= 4.50 and < 5.36

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35

8.8HIGH

CVE-2023-27990

>= 4.50 and < 5.36

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware ver

4.8MEDIUM

CVE-2023-22918

>= 4.50 and < 5.36

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.3

6.5MEDIUM

CVE-2023-22917

>= 5.00 and <= 5.32

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG F

7.5HIGH

CVE-2023-22916

>= 5.00 and <= 5.35

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5

8.1HIGH

CVE-2023-22915

>= 4.50 and <= 5.35

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 throug

7.5HIGH

CVE-2023-22914

>= 4.50 and <= 5.35

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through

7.2HIGH

CVE-2023-22913

>= 4.50 and <= 5.35

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmw

8.1HIGH

CVE-2022-38547

>= 4.50 and <= 5.32

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through

7.2HIGH