threat
engine
.sh
Back
·
··:··
Home
/
Product
/
zyxel vpn300 firmware
Product
zyxel vpn300 firmware
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-33010
>= 4.30 and < 5.36
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG
9.8
CRITICAL
CVE-2023-33009
>= 4.60 and < 5.36
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG
9.8
CRITICAL
CVE-2023-28771
>= 4.60 and < 5.36
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60
9.8
CRITICAL
CVE-2023-27991
>= 4.30 and < 5.36
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35
8.8
HIGH
CVE-2023-27990
>= 4.30 and < 5.36
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware ver
4.8
MEDIUM
CVE-2023-22918
>= 4.30 and < 5.36
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.3
6.5
MEDIUM
CVE-2023-22917
>= 5.00 and <= 5.35
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG F
7.5
HIGH
CVE-2023-22916
>= 5.00 and <= 5.35
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5
8.1
HIGH
CVE-2023-22915
>= 4.50 and <= 5.35
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 throug
7.5
HIGH
CVE-2023-22914
>= 4.50 and <= 5.35
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through
7.2
HIGH
CVE-2023-22913
>= 4.50 and <= 5.35
A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmw
8.1
HIGH
CVE-2022-38547
>= 4.30 and <= 5.32
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through
7.2
HIGH
CVE-2022-40603
>= 4.30 and <= 5.31
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN
4.7
MEDIUM
CVE-2022-30526
>= 4.30 and <= 5.30
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.3
7.8
HIGH
CVE-2022-2030
>= 4.30 and <= 5.30
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in so
6.5
MEDIUM
CVE-2022-26532
>= 4.30 and <= 5.21
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.7
7.8
HIGH
CVE-2022-26531
>= 4.30 and <= 5.21
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 th
6.1
MEDIUM
CVE-2022-0910
>= 4.32 and <= 5.21
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL serie
6.5
MEDIUM
CVE-2022-0734
>= 4.35 and <= 5.20
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4
5.8
MEDIUM
CVE-2022-30525
>= 4.60 and < 5.30
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG
9.8
CRITICAL
CVE-2022-0342
>= 4.30 and < 5.21
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX
9.8
CRITICAL
CVE-2020-29583
all versions
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password fo
9.8
CRITICAL
CVE-2020-9054
>= 4.35 and < 4.35\(abfc.3\)c0
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection
9.8
CRITICAL
CVE-2019-9955
all versions
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, US
6.1
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin