Zyxel Nas542_firmware

18 CVEs affecting Zyxel Nas542_firmware. Latest disclosed: 2024-09-10. Critical: 9, High: 7.

Top CVEs affecting Zyxel Nas542_firmware
CVESeverityScorePublishedSummary
CVE-2024-6342Critical9.82024-09-10**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542…
CVE-2024-29974Critical9.82024-06-04** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZ…
CVE-2024-29973Critical9.82024-06-04** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and…
CVE-2024-29972Critical9.82024-06-04** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17…
CVE-2023-4474Critical9.82023-11-30The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG…
CVE-2023-4473Critical9.82023-11-30A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could al…
CVE-2023-35138Critical9.82023-11-30A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware versi…
CVE-2023-27992Critical9.82023-06-19The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21…
CVE-2020-9054Critical9.82020-03-04Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may all…
CVE-2023-37928High8.82023-11-30A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.2…
CVE-2023-37927High8.82023-11-30The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG…
CVE-2020-13365High8.82020-08-06Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used fo…
CVE-2020-13364High8.82020-08-06A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V…
CVE-2023-35137High7.52023-11-30An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(A…
CVE-2023-5372High7.22024-01-30The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(A…
CVE-2023-27988High7.22023-05-30The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker w…
CVE-2024-29975Medium6.72024-06-04** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AA…
CVE-2024-29976Medium6.52024-06-04** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.2…