Zyxel VPN Series Firmware
37 CVEs affecting Zyxel VPN Series Firmware. Latest disclosed: 2023-11-28. Critical: 6, High: 16.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-33010 | Critical | 9.8 | 2023-05-24 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware version… |
| CVE-2023-33009 | Critical | 9.8 | 2023-05-24 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions… |
| CVE-2023-28771 | Critical | 9.8 | 2023-04-25 | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series… |
| CVE-2022-30525 | Critical | 9.8 | 2022-05-12 | An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5… |
| CVE-2022-0342 | Critical | 9.8 | 2022-03-28 | An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.5… |
| CVE-2021-35029 | Critical | 9.8 | 2021-07-02 | An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP… |
| CVE-2023-34139 | High | 8.8 | 2023-07-17 | A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series… |
| CVE-2023-33012 | High | 8.8 | 2023-07-17 | A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware ver… |
| CVE-2023-33011 | High | 8.8 | 2023-07-17 | A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2… |
| CVE-2023-28767 | High | 8.8 | 2023-07-17 | The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions… |
| CVE-2023-27991 | High | 8.8 | 2023-04-24 | The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware ve… |
| CVE-2023-22916 | High | 8.1 | 2023-04-24 | The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware… |
| CVE-2023-22913 | High | 8.1 | 2023-04-24 | A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, a… |
| CVE-2023-34141 | High | 8.0 | 2023-07-17 | A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX ser… |
| CVE-2023-34138 | High | 8.0 | 2023-07-17 | A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmwa… |
| CVE-2022-30526 | High | 7.8 | 2022-07-19 | A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware vers… |
| CVE-2022-26532 | High | 7.8 | 2022-05-24 | An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware v… |
| CVE-2023-4398 | High | 7.5 | 2023-11-28 | An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 throu… |
| CVE-2023-22917 | High | 7.5 | 2023-04-24 | A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00… |
| CVE-2023-22915 | High | 7.5 | 2023-04-24 | A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware v… |