threat
engine
.sh
Back
·
··:··
Home
/
Product
/
zyxel usg20 vpn firmware
Product
zyxel usg20 vpn firmware
15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-6764
>= 4.16 and < 5.37
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37
8.1
HIGH
CVE-2023-6399
>= 5.10 and < 5.37
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versi
5.7
MEDIUM
CVE-2023-6398
>= 4.16 and < 5.37
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 th
7.2
HIGH
CVE-2023-33010
>= 4.30 and < 5.36
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG
9.8
CRITICAL
CVE-2023-33009
>= 4.60 and < 5.36
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG
9.8
CRITICAL
CVE-2023-27991
>= 4.30 and < 5.36
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35
8.8
HIGH
CVE-2023-27990
>= 4.30 and < 5.36
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware ver
4.8
MEDIUM
CVE-2023-22918
>= 4.30 and < 5.36
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.3
6.5
MEDIUM
CVE-2022-38547
>= 4.30 and <= 5.32
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through
7.2
HIGH
CVE-2022-30526
>= 4.30 and <= 5.30
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.3
7.8
HIGH
CVE-2022-2030
>= 4.30 and <= 5.30
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in so
6.5
MEDIUM
CVE-2021-35029
>= 4.35 and <= 5.01
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 th
9.8
CRITICAL
CVE-2020-29583
all versions
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password fo
9.8
CRITICAL
CVE-2020-9054
>= 4.35 and < 4.35\(abaq.3\)c0
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection
9.8
CRITICAL
CVE-2019-9955
all versions
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, US
6.1
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin