CVE-2023-33010

>= 4.25 and < 4.73

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG

9.8CRITICAL

CVE-2023-33009

>= 4.60 and < 4.73

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG

9.8CRITICAL

CVE-2022-38547

>= 4.20 and <= 4.72

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through

7.2HIGH

CVE-2022-40603

>= 4.30 and <= 4.72

A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN

4.7MEDIUM

CVE-2022-30526

>= 4.09 and <= 4.72

A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.3

7.8HIGH

CVE-2022-2030

>= 4.20 and <= 4.72

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in so

6.5MEDIUM

CVE-2022-26532

>= 4.09 and <= 4.71

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.7

7.8HIGH

CVE-2022-26531

>= 4.09 and <= 4.71

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 th

6.1MEDIUM

CVE-2022-0910

>= 4.32 and <= 4.71

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL serie

6.5MEDIUM

CVE-2022-0734

>= 4.35 and <= 4.70

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4

5.8MEDIUM

CVE-2022-0342

>= 4.20 and < 4.71

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX

9.8CRITICAL

CVE-2021-35029

>= 4.35 and <= 4.64

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 th

9.8CRITICAL

CVE-2020-29583

all versions

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password fo

9.8CRITICAL

CVE-2020-9054

>= 4.35 and < 4.35\(aaky.3\)c0

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection

9.8CRITICAL

CVE-2019-9955

all versions

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, US

6.1MEDIUM

CVE-2018-9129

all versions

ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation

5.9MEDIUM