Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-0890

Summary
Assigner-Zyxel
Assigner Org ID-96e50032-ad0d-4058-a115-4d2c13821f9f
Published At-04 Feb, 2025 | 10:06
Updated At-12 Feb, 2025 | 20:51
Rejected At-
Credits

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zyxel
Assigner Org ID:96e50032-ad0d-4058-a115-4d2c13821f9f
Published At:04 Feb, 2025 | 10:06
Updated At:12 Feb, 2025 | 20:51
Rejected At:
▼CVE Numbering Authority (CNA)

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

Affected Products
Vendor
Zyxel Networks CorporationZyxel
Product
VMG4325-B10A firmware
Default Status
unaffected
Versions
Affected
  • <= 1.00(AAFR.4)C0_20170615
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287 Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287 Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025
vendor-advisory
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zyxel.com.tw
Published At:04 Feb, 2025 | 11:15
Updated At:04 Feb, 2025 | 11:15

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-287Primarysecurity@zyxel.com.tw
CWE ID: CWE-287
Type: Primary
Source: security@zyxel.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025security@zyxel.com.tw
N/A
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025
Source: security@zyxel.com.tw
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

681Records found
CVE-2022-40602
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 76.62%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-28 Apr, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte3301-m209_firmwarelte3301-m209LTE3301-M209
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-0342
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.29% / 99.71%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 12:05
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg60_firmwarevpn100usg40_firmwareusg60w_firmwareatp100_firmwarensg300_firmwareatp100zywall_110atp800_firmwareusg_flex_200usg_flex_500_firmwareusg_flex_100usg_flex_100w_firmwareatp100watp100w_firmwarevpn300_firmwareusg_flex_200_firmwarevpn50_firmwareusg40w_firmwarezywall_1100atp200atp700nsg300usg_flex_700vpn100_firmwarevpn300usg40wusg_flex_100wusg60watp700_firmwareatp500_firmwareusg40atp800zywall_310_firmwareusg60vpn50usg_flex_100_firmwarevpn1000_firmwarezywall_110_firmwarezywall_310atp500usg_flex_700_firmwarezywall_1100_firmwarevpn1000usg_flex_500atp200_firmwareATP series firmwareNSG series firmwareVPN series firmwareUSG FLEX series firmwareUSG/ZyWALL series firmware
CWE ID-CWE-287
Improper Authentication
CVE-2021-35029
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 71.41%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 10:29
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg110_firmwareusg40_firmwareusg60w_firmwareusg1000_firmwarezywall_atp700_firmwareusg2200-vpn_firmwareusg20-vpn_firmwarezywall_110usg2000usg_flex_100usg1900_firmwareusg50_firmwareusg_flex_100w_firmwarezywall_vpn300_firmwareusg100_firmwarezywall_atp200usg40w_firmwarezywall_vpn100_firmwarezywall_1100zywall_vpn100zywall_atp100w_firmwareusg1000usg300_firmwareusg60wzywall_atp800_firmwareusg200zywall_310_firmwareusg310zywall_atp100wzywall_atp500_firmwareusg20w_firmwarezywall_vpn300zywall_110_firmwarezywall_310usg20wzywall_1100_firmwareusg20w-vpn_firmwareusg_flex_500usg310_firmwareusg20usg60_firmwarezywall_atp700zywall_atp800usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg1100usg110usg2000_firmwareusg1100_firmwareusg_flex_200_firmwareusg20-vpnusg1900usg210_firmwarezywall_vpn50usg50usg20w-vpnusg300usg200_firmwareusg_flex_700usg40wusg_flex_100wusg100usg20_firmwarezywall_atp200_firmwarezywall_atp500usg2200-vpnusg40zywall_atp100usg210usg60usg_flex_100_firmwareusg_flex_700_firmwarezywall_vpn50_firmwareUSG FLEX series FirmwareATP series FirmwareVPN series FirmwareUSG/Zywall series Firmware
CWE ID-CWE-287
Improper Authentication
CVE-2023-27992
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-86.39% / 99.36%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 11:42
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-14||Apply updates per vendor instructions.

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326_firmwarenas542nas540_firmwarenas542_firmwarenas326nas540NAS326 firmwareNAS540 firmwareNAS542 firmwareMultiple Network-Attached Storage (NAS) Devices
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-28769
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-73.35% / 98.74%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx5401-b0_firmwaredx5401-b0DX5401-B0 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22920
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 71.83%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte3316-m604lte3316-m604_firmwarelte3202-m437lte3202-m437_firmwareLTE3316-M604
CWE ID-CWE-284
Improper Access Control
CVE-2024-29974
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-47.60% / 97.62%
||
7 Day CHG+0.88%
Published-04 Jun, 2024 | 01:34
Updated-22 Jan, 2025 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas542nas326_firmwarenas326nas542_firmwareNAS542 firmwareNAS326 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-29972
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.22% / 99.71%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 01:24
Updated-22 Jan, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas542nas326_firmwarenas326nas542_firmwareNAS542 firmwareNAS326 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43389
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-8.6||HIGH
EPSS-0.86% / 74.05%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte3202-m437pmg5317-t20bpm7320-b0_firmwarepm7320-b0nebula_fwa710nr7102nr5103e_firmwarenebula_nr7101pmg5617ganr7103_firmwarenebula_fwa510nr7102_firmwarenr7101nebula_fwa510_firmwareep240p_firmwarenr7101_firmwarelte7490-m904nr7103nebula_fwa710_firmwarelte3316-m604_firmwarepmg5622galte7480-m804_firmwarenr5103enebula_nr7101_firmwarepmg5317-t20b_firmwarelte7490-m904_firmwarepmg5622ga_firmwarelte3316-m604nr5103_firmwarelte3202-m437_firmwarenr5103pmg5617ga_firmwarelte7480-m804ep240pNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-38546
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.98%
||
7 Day CHG~0.00%
Published-21 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg7510nbg7510_firmwareNBG7510 firmware
CWE ID-CWE-284
Improper Access Control
CVE-2022-34747
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.34% / 88.48%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 01:20
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas326_firmwareZyxel NAS326 firmware
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2024-11667
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-50.98% / 97.78%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 09:39
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-12-24||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100watpusg_flex_50wusg_flexatp200atp500atp700usg_flex_100axusg_flex_700usg_flex_100wusg_flex_500usg_flex_50USG20(W)-VPN series firmwareUSG FLEX series firmwareUSG FLEX 50(W) series firmwareATP series firmwareusg20-vpn_firmwareusg_flex_firmwareatp_firmwareusg_flex_50w_firmwareMultiple Firewalls
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-4039
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-80.64% / 99.10%
||
7 Day CHG~0.00%
Published-01 Mar, 2022 | 06:40
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nwa1100-nhnwa1100-nh_firmwareNWA1100-NH firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-30525
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.45% / 99.99%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 13:05
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-06||Apply updates per vendor instructions.

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_500_firmwareusg_flex_50w_firmwareatp800atp500_firmwarevpn50_firmwarevpn1000_firmwarevpn300usg_flex_700atp100atp100_firmwareatp700vpn300_firmwareusg_flex_200atp100wusg_flex_50wusg_flex_700_firmwareusg_flex_500atp200usg20w-vpn_firmwarevpn1000usg20w-vpnatp200_firmwareusg_flex_100w_firmwareusg_flex_200_firmwarevpn50atp700_firmwareusg_flex_100wvpn100_firmwarevpn100atp100w_firmwareatp500atp800_firmwareUSG FLEX 100(W) firmwareUSG 20(W)-VPN firmwareUSG FLEX 700 firmwareUSG FLEX 500 firmwareUSG FLEX 200 firmwareVPN series firmwareUSG FLEX 50(W) firmwareATP series firmwareMultiple Firewalls
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-4473
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-39.94% / 97.22%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 01:40
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas542_firmwarenas542nas326_firmwareNAS542 firmwareNAS326 firmwarenas326_firmwarenas542_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-4474
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-16.28% / 94.57%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 01:45
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas542_firmwarenas542nas326_firmwareNAS542 firmwareNAS326 firmwarenas326_firmwarenas542_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-7673
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 80.05%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 07:11
Updated-19 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-VMG8825-T50K firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-28771
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.35% / 99.95%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-21||Apply updates per vendor instructions.

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_500_firmwareusg_flex_50w_firmwareusg_flex_50atp800atp500_firmwarevpn50_firmwarezywall_usg_100vpn1000_firmwarevpn300zywall_usg_310_firmwareusg_flex_700atp100atp100_firmwarezywall_usg_310atp700usg_flex_100vpn300_firmwareatp100wusg_flex_200usg_flex_50wusg_flex_700_firmwareusg_flex_500usg_flex_100_firmwareatp200vpn1000atp200_firmwarezywall_usg_100_firmwareusg_flex_100w_firmwareusg_flex_200_firmwareatp700_firmwarevpn50usg_flex_100wvpn100_firmwarevpn100atp100w_firmwareatp500atp800_firmwareusg_flex_50_firmwareZyWALL/USG series firmwareVPN series firmwareUSG FLEX series firmwareATP series firmwareMultiple Firewalls
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-35138
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.31% / 91.91%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 01:30
Updated-02 Aug, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas542_firmwarenas542nas326_firmwareNAS542 firmwareNAS326 firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-33009
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.64% / 88.86%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-atp800_firmwareatp100_firmwareatp200usg_20w-vpnusg_flex_700_firmwareatp100wusg_20w-vpn_firmwareusg_60_firmwareusg_flex_200_firmwarevpn50_firmwareusg_40wusg_flex_100_firmwareusg_60wusg_flex_500_firmwareusg_60w_firmwareusg_flex_50watp200_firmwareatp800atp100w_firmwareatp700_firmwareusg_flex_50_firmwareusg_flex_50w_firmwareusg_flex_100atp700vpn100vpn300_firmwareusg_40_firmwareusg_flex_500usg_40usg_flex_700atp100usg20-vpn_firmwareatp500vpn1000usg20-vpnvpn300vpn1000_firmwareusg_flex_100w_firmwarevpn50usg_60usg_40w_firmwareusg_flex_200atp500_firmwarevpn100_firmwareusg_flex_50usg_flex_100wZyWALL/USG series firmwareUSG FLEX series firmwareUSG20(W)-VPN firmwareVPN series firmwareUSG FLEX 50(W) firmwareATP series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33010
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.20% / 91.22%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-atp800_firmwareatp100_firmwareatp200usg_20w-vpnusg_flex_700_firmwareatp100wusg_20w-vpn_firmwareusg_60_firmwareusg_flex_200_firmwarevpn50_firmwareusg_40wusg_flex_100_firmwareusg_60wusg_flex_500_firmwareusg_60w_firmwareusg_flex_50watp200_firmwareatp800atp100w_firmwareatp700_firmwareusg_flex_50_firmwareusg_flex_50w_firmwareusg_flex_100atp700vpn100vpn300_firmwareusg_40_firmwareusg_flex_500usg_40usg_flex_700atp100usg20-vpn_firmwareatp500vpn1000usg20-vpnvpn300vpn1000_firmwareusg_flex_100w_firmwarevpn50usg_60usg_40w_firmwareusg_flex_200atp500_firmwarevpn100_firmwareusg_flex_50usg_flex_100wZyWALL/USG series firmwareUSG FLEX series firmwareUSG20(W)-VPN firmwareVPN series firmwareUSG FLEX 50(W) firmwareATP series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8234
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-40.01% / 97.23%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 00:28
Updated-22 Jan, 2025 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nwaw1100-nnwaw1100-n_firmwareNWA1100-N firmwarenwa1100-n_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-6342
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.09% / 90.40%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 01:55
Updated-22 Jan, 2025 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas542nas326_firmwarenas326nas542_firmwareNAS542 firmwareNAS326 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7261
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.81% / 85.56%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 02:10
Updated-13 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nwa90ax_pro_firmwarenwa210ax_firmwarewax620d-6e_firmwarewac500hnwa220ax-6e_firmwarenwa50ax_firmwarewbe530wac500h_firmwarenwa210axnwa50axusg_lite_60ax_firmwarewax640s-6e_firmwarewax300hwax610dnwa1123acv3wax620d-6ewbe660snwa110ax_firmwarewac6552d-s_firmwarenwa130be_firmwarenwa55axewac500nwa50ax_prowax630s_firmwarewax510d_firmwarenwa50ax_pro_firmwarewac6503d-s_firmwarenwa1123-ac_pro_firmwarewac500_firmwarewax655enwa90ax_firmwarewax640s-6ewbe660s_firmwarewac6503d-swac6103d-inwa90axwac6553d-eusg_lite_60axwax510dwbe530_firmwarewax650s_firmwarewac6502d-swac6553d-e_firmwarewac6502d-s_firmwarewax655e_firmwarewac6552d-snwa130bewax610d_firmwarewac6103d-i_firmwarewax630snwa1123-ac_pronwa110axnwa220ax-6enwa90ax_prowax300h_firmwarewax650snwa1123acv3_firmwarenwa55axe_firmwareUSG LITE 60AX firmwareWAC500 firmwareWAX655E firmwareWBE530 firmwareNWA1123ACv3 firmwarewbe530_firmwarewac500_firmwarewax655e_firmwarenwa1123acv3_firmwareusg_lite_60ax_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-29973
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-93.90% / 99.87%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 01:29
Updated-22 Jan, 2025 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas542nas326_firmwarenas326nas542_firmwareNAS542 firmwareNAS326 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-0910
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 9.59%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 02:20
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_60w_firmwareatp100atp800_firmwareusg_1900usg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwareatp100w_firmwareusg_2200-vpnvpn50_firmwareatp200atp700usg_20wusg300_firmwareusg200usg_40wusg_20w-vpnatp500_firmwareusg_20w-vpn_firmwareatp800vpn1000_firmwarevpn50usg310usg_40w_firmwareusg2200usg_flex_500usg310_firmwareatp200_firmwareusg20usg_310vpn100atp100_firmwareusg_1100usg_310_firmwareusg_flex_200usg_flex_500_firmwareusg_40_firmwareatp100wvpn300_firmwareusg_flex_200_firmwareusg210_firmwareusg_20w_firmwareusg300usg200_firmwarevpn100_firmwareusg_flex_700vpn300usg_60_firmwareusg2200_firmwareusg_flex_100wusg_110_firmwareusg_60usg20_firmwareatp700_firmwareusg_60wusg210usg_flex_100_firmwareusg_110usg_1900_firmwareatp500usg_flex_700_firmwarevpn1000usg_1100_firmwareusg_40USG/ZyWALL series firmwareATP series firmwareUSG FLEX series firmwareVPN series firmware
CWE ID-CWE-287
Improper Authentication
CVE-2024-11494
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.74%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 09:36
Updated-22 Nov, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP HEAD method.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-p6101c_firmwarep6101cP-6101C firmwarep610c_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2021-35033
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.67%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 21:20
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-wsq20wsq20_firmwarenbg6818nbg7815_firmwarewsq60nbg7815wsr30_firmwarewsq50wsr30wsq50_firmwarewsq60_firmwarenbg6818_firmwareWSQ50 series firmwareWSR30 series firmwareWSQ60 series firmwareNBG7815 series firmwareWSQ20 series firmwareNBG6818 series firmware
CWE ID-CWE-260
Password in Configuration File
CWE ID-CWE-287
Improper Authentication
CVE-2023-35137
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 01:25
Updated-02 Aug, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas542_firmwarenas542nas326_firmwareNAS542 firmwareNAS326 firmware
CWE ID-CWE-287
Improper Authentication
CVE-2023-30328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-29 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use.

Action-Not Available
Vendor-mailbutlern/a
Product-shimon/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-24422
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-47.94% / 97.64%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9Integrated Dell Remote Access Controller 9
CWE ID-CWE-287
Improper Authentication
CVE-2022-24259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.92% / 85.86%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 16:10
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.

Action-Not Available
Vendor-voipmonitorn/a
Product-voipmonitorn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-24029
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.83% / 73.56%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 16:09
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request.

Action-Not Available
Vendor-forlogicn/a
Product-qualiexn/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-29129
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.1||CRITICAL
EPSS-0.07% / 22.20%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:17
Updated-03 Jan, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration.

Action-Not Available
Vendor-mendixSiemens AG
Product-samlMendix SAML (Mendix 9.6 compatible, Upgrade Track)Mendix SAML (Mendix 9 latest compatible, New Track)Mendix SAML (Mendix 9.6 compatible, New Track)Mendix SAML (Mendix 8 compatible)Mendix SAML (Mendix 9.12/9.18 compatible, New Track)Mendix SAML (Mendix 9 latest compatible, Upgrade Track)Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track)Mendix SAML (Mendix 7 compatible)
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2023-29155
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.21%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 16:28
Updated-11 Jun, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
INEA ME RTU Missing Authentication for Critical Function

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.

Action-Not Available
Vendor-ineaINEAinea
Product-me_rtume_rtu_firmwareME RTUme_rtu_firmware
CWE ID-CWE-287
Improper Authentication
CVE-2022-24047
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-5.3||MEDIUM
EPSS-2.35% / 84.27%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 19:51
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618.

Action-Not Available
Vendor-bmcBMC
Product-track-it\!Track-It!
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2024-38225
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-8.70% / 92.11%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365_business_centralMicrosoft Dynamics 365 Business Central 2023 Release Wave 1Microsoft Dynamics 365 Business Central 2024 Release Wave 1Microsoft Dynamics 365 Business Central 2023 Release Wave 2
CWE ID-CWE-287
Improper Authentication
CVE-2022-23795
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.74%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 15:20
Updated-16 Sep, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[20220303] - Core - User row are not bound to a authentication mechanism

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla! CMS
CWE ID-CWE-287
Improper Authentication
CVE-2022-23769
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.98% / 75.76%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-13 May, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secuever reverseWall-MDS Remote Code Execution Vulnerability

Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Remote attackers can exploit the vulnerability such as stealing account, through remote code execution.

Action-Not Available
Vendor-megazoneSecuever Co.,LtdMicrosoft Corporation
Product-windowsreversewall-mdsreverseWall-MDS
CWE ID-CWE-287
Improper Authentication
CVE-2023-3028
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
ShareView Details
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
CVSS Score-8.6||HIGH
EPSS-0.03% / 6.08%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 05:34
Updated-10 Jan, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper backend communication allows access and manipulation of the telemetry data

Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. Multiple vulnerabilities were identified: - The MQTT backend does not require authentication, allowing unauthorized connections from an attacker. - The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend. - The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location. - The backend can inject data into a vehicle´s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend. The confirmed version is 201808021036, however further versions have been also identified as potentially impacted.

Action-Not Available
Vendor-hopechartHangzhou Hopechart IoT Technology Co., Ltd.
Product-hqt401hqt401_firmwareHQT401
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2024-42462
Matching Score-4
Assigner-upKeeper Solutions
ShareView Details
Matching Score-4
Assigner-upKeeper Solutions
CVSS Score-10||CRITICAL
EPSS-0.22% / 45.09%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 13:22
Updated-28 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bypass multifactor authentication

Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.

Action-Not Available
Vendor-upkeeperupKeeper Solutionsupkeeper
Product-upkeeper_managerupKeeper Managerupkeeper_manager
CWE ID-CWE-287
Improper Authentication
CVE-2022-23126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.96%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 18:07
Updated-28 May, 2025 | 21:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.

Action-Not Available
Vendor-teslamaten/a
Product-teslamaten/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-36130
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.76% / 81.86%
||
7 Day CHG-1.87%
Published-07 Aug, 2024 | 03:54
Updated-13 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_manager_mobileEPMMendpoint_manager_mobile
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2022-22796
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7||HIGH
EPSS-0.22% / 44.34%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 19:47
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sysaid – Sysaid System Takeover

Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.

Action-Not Available
Vendor-SysAid Technologies Ltd.
Product-sysaidSysaid
CWE ID-CWE-287
Improper Authentication
CVE-2023-28398
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 6.25%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 20:08
Updated-16 Jan, 2025 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-28398

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor who successfully exploits this vulnerability could gain access to the pump controller and cause disruption in operation, modify data, or shut down the controller.

Action-Not Available
Vendor-propumpserviceProPump and Controls, Inc.
Product-osprey_pump_controller_firmwareosprey_pump_controllerOsprey Pump Controller
CWE ID-CWE-287
Improper Authentication
CVE-2023-28503
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-9.8||CRITICAL
EPSS-65.09% / 98.41%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 20:09
Updated-18 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass in UniRPC's udadmin service

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.

Action-Not Available
Vendor-rocketsoftwareRocket SoftwareLinux Kernel Organization, Inc
Product-universeunidatalinux_kernelUniDataUniVerse
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-22956
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-68.89% / 98.57%
||
7 Day CHG~0.00%
Published-13 Apr, 2022 | 00:00
Updated-13 Feb, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-vrealize_automationidentity_managerlinux_kernelworkspace_one_accessVMware Workspace ONE Access
CWE ID-CWE-287
Improper Authentication
CVE-2024-41198
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 7.92%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 00:00
Updated-30 May, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

Action-Not Available
Vendor-ocucon/a
Product-innovationn/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-28121
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-93.46% / 99.81%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-02 Aug, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.

Action-Not Available
Vendor-n/aAutomattic Inc.
Product-woopaymentswoocommerce_paymentsWooCommerce Payments WordPress Plugin
CWE ID-CWE-287
Improper Authentication
CVE-2022-22831
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.86% / 94.48%
||
7 Day CHG~0.00%
Published-06 Feb, 2022 | 20:53
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.

Action-Not Available
Vendor-servisnetn/a
Product-tessan/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found