CVE-2023-34141

>= 5.00 and < 5.37

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 throu

8.0HIGH

CVE-2023-34140

>= 4.30 and < 5.37

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware vers

6.5MEDIUM

CVE-2023-34139

>= 4.20 and < 5.37

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 throug

8.8HIGH

CVE-2023-34138

>= 4.60 and < 5.37

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Pa

8.0HIGH

CVE-2023-33012

>= 5.00 and < 5.37

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2,

8.8HIGH

CVE-2023-33011

>= 5.00 and < 5.37

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versio

8.8HIGH

CVE-2023-28767

>= 5.00 and < 5.37

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG

8.8HIGH

CVE-2022-30526

>= 4.30 and <= 5.30

A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.3

7.8HIGH

CVE-2022-2030

>= 4.30 and <= 5.30

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in so

6.5MEDIUM

CVE-2022-26532

>= 4.09 and <= 4.71

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.7

7.8HIGH

CVE-2022-26531

>= 4.09 and <= 4.71

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 th

6.1MEDIUM

CVE-2022-0910

>= 4.32 and <= 4.71

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL serie

6.5MEDIUM

CVE-2022-0734

>= 4.35 and <= 4.70

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4

5.8MEDIUM

CVE-2021-35029

>= 4.35 and <= 5.01

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 th

9.8CRITICAL

CVE-2019-12581

<= 4.30

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and U

6.1MEDIUM

CVE-2019-12583

<= 4.33\(abae.0\)c0

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to gene

9.1CRITICAL

CVE-2019-9955

all versions

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, US

6.1MEDIUM

CVE-2018-9129

all versions

ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation

5.9MEDIUM