Zyxel Usg20(w)-vpn Series Firmware

27 CVEs affecting Zyxel Usg20(w)-vpn Series Firmware. Latest disclosed: 2026-02-05. Critical: 0, High: 16.

Top CVEs affecting Zyxel Usg20(w)-vpn Series Firmware
CVESeverityScorePublishedSummary
CVE-2023-33012High8.82023-07-17A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware ver…
CVE-2023-33011High8.82023-07-17A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2…
CVE-2023-28767High8.82023-07-17The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions…
CVE-2025-9133High8.12025-10-21A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.4…
CVE-2024-42057High8.12024-09-03A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions fr…
CVE-2023-6764High8.12024-02-20 A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX…
CVE-2023-34141High8.02023-07-17A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX ser…
CVE-2023-34138High8.02023-07-17A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmwa…
CVE-2024-11667High7.52024-11-27A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware version…
CVE-2024-42058High7.52024-09-03A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V…
CVE-2023-4398High7.52023-11-28An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 throu…
CVE-2025-11730High7.22026-02-05A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 thro…
CVE-2025-8078High7.22025-10-21A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4…
CVE-2024-42060High7.22024-09-03A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4…
CVE-2024-42059High7.22024-09-03A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5…
CVE-2023-6398High7.22024-02-20A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX…
CVE-2023-34140Medium6.52023-07-17A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch…
CVE-2024-42061Medium6.12024-09-03A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, US…
CVE-2023-6399Medium5.72024-02-20A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Pa…
CVE-2023-5797Medium5.52023-11-28An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware v…