Zyxel Usg20(w)-vpn Firmware
8 CVEs affecting Zyxel Usg20(w)-vpn Firmware. Latest disclosed: 2023-05-24. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-33010 | Critical | 9.8 | 2023-05-24 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware version… |
CVE-2023-33009 | Critical | 9.8 | 2023-05-24 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions… |
CVE-2023-27991 | High | 8.8 | 2023-04-24 | The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware ve… |
CVE-2023-22916 | High | 8.1 | 2023-04-24 | The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware… |
CVE-2023-22917 | High | 7.5 | 2023-04-24 | A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00… |
CVE-2023-22915 | High | 7.5 | 2023-04-24 | A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware v… |
CVE-2023-22918 | Medium | 6.5 | 2023-04-24 | A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware v… |
CVE-2023-27990 | Medium | 4.8 | 2023-04-24 | The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG… |