CVE-2025-9133

>= 4.32 and < 5.41

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware ver

8.1HIGH

CVE-2025-8078

>= 4.32 and < 5.41

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX ser

7.2HIGH

CVE-2024-11667

>= 5.00 and <= 5.38

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG

7.5HIGH

CVE-2024-42061

>= 4.32 and < 5.39

A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions

6.1MEDIUM

CVE-2024-7203

>= 4.60 and < 5.39

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX

7.2HIGH

CVE-2024-6343

>= 4.32 and < 5.39

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series

4.9MEDIUM

CVE-2024-42060

>= 4.32 and < 5.39

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX ser

7.2HIGH

CVE-2024-42059

>= 5.00 and < 5.39

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX ser

7.2HIGH

CVE-2024-42058

>= 4.32 and < 5.39

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware

7.5HIGH

CVE-2024-42057

>= 4.32 and < 5.39

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLE

8.1HIGH

CVE-2023-5960

>= 4.50 and <= 5.37

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through

5.5MEDIUM

CVE-2023-5797

>= 4.32 and <= 5.37

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.3

5.5MEDIUM

CVE-2023-5650

>= 4.32 and <= 5.37

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX s

5.5MEDIUM

CVE-2023-4398

>= 4.32 and <= 5.37

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series

7.5HIGH

CVE-2023-4397

all versions

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(

4.4MEDIUM

CVE-2023-37926

>= 4.32 and <= 5.37

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.5

5.5MEDIUM

CVE-2023-37925

>= 4.32 and <= 5.37

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.3

5.5MEDIUM

CVE-2023-35139

>= 5.10 and <= 5.37

A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLE

5.2MEDIUM

CVE-2023-35136

>= 4.32 and <= 5.37

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37

5.5MEDIUM

CVE-2020-29299

< 4.39

Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. Thi

7.2HIGH

CVE-2020-25014

>= 4.30 and <= 4.55

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 throug

9.8CRITICAL