Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-13942

Summary
Assigner-Zyxel
Assigner Org ID-96e50032-ad0d-4058-a115-4d2c13821f9f
Published At-24 Feb, 2026 | 02:32
Updated At-24 Feb, 2026 | 02:32
Rejected At-
Credits

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zyxel
Assigner Org ID:96e50032-ad0d-4058-a115-4d2c13821f9f
Published At:24 Feb, 2026 | 02:32
Updated At:24 Feb, 2026 | 02:32
Rejected At:
▼CVE Numbering Authority (CNA)

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

Affected Products
Vendor
Zyxel Networks CorporationZyxel
Product
EX3510-B0 firmware
Default Status
unaffected
Versions
Affected
  • <= 5.17(ABUP.15.1)C0
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026
vendor-advisory
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026
Resource:
vendor-advisory
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zyxel.com.tw
Published At:24 Feb, 2026 | 03:16
Updated At:24 Feb, 2026 | 03:16

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-78Primarysecurity@zyxel.com.tw
CWE ID: CWE-78
Type: Primary
Source: security@zyxel.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026security@zyxel.com.tw
N/A
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026
Source: security@zyxel.com.tw
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1420Records found
CVE-2023-35138
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.52% / 93.11%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 01:30
Updated-02 Aug, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas542_firmwarenas542nas326_firmwareNAS542 firmwareNAS326 firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-4039
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-69.77% / 98.63%
||
7 Day CHG~0.00%
Published-01 Mar, 2022 | 06:40
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nwa1100-nhnwa1100-nh_firmwareNWA1100-NH firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-28771
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.35% / 99.95%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 00:00
Updated-27 Oct, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-21||Apply updates per vendor instructions.

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_100usg_flex_500_firmwarevpn300_firmwarevpn50atp100_firmwareatp100w_firmwareatp500_firmwareusg_flex_700_firmwareusg_flex_50w_firmwareatp700_firmwarevpn100atp800zywall_usg_310usg_flex_200_firmwareusg_flex_100wzywall_usg_100_firmwarevpn100_firmwareusg_flex_50usg_flex_100_firmwareusg_flex_700usg_flex_50_firmwareatp100atp200atp800_firmwarezywall_usg_100vpn300usg_flex_100w_firmwarevpn1000atp200_firmwareusg_flex_500vpn1000_firmwareatp100wusg_flex_200atp700vpn50_firmwareusg_flex_50wzywall_usg_310_firmwareatp500VPN series firmwareATP series firmwareZyWALL/USG series firmwareUSG FLEX series firmwareMultiple Firewalls
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-27992
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-86.53% / 99.40%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 11:42
Updated-27 Oct, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-14||Apply updates per vendor instructions.

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas326_firmwarenas542_firmwarenas540nas540_firmwarenas542NAS542 firmwareNAS540 firmwareNAS326 firmwareMultiple Network-Attached Storage (NAS) Devices
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-29973
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.05% / 99.90%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 01:29
Updated-22 Jan, 2025 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas542nas326_firmwarenas326nas542_firmwareNAS542 firmwareNAS326 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-29972
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.68% / 99.74%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 01:24
Updated-22 Jan, 2025 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas542nas326_firmwarenas326nas542_firmwareNAS542 firmwareNAS326 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8234
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-7.62% / 91.69%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 00:28
Updated-22 Jan, 2025 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nwaw1100-nnwaw1100-n_firmwareNWA1100-N firmwarenwa1100-n_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-6342
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.60% / 90.98%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 01:55
Updated-22 Jan, 2025 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas542nas326_firmwarenas326nas542_firmwareNAS542 firmwareNAS326 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7261
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.16% / 95.81%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 02:10
Updated-13 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nwa90ax_pro_firmwarenwa210ax_firmwarewax620d-6e_firmwarewac500hnwa220ax-6e_firmwarenwa50ax_firmwarewbe530wac500h_firmwarenwa210axnwa50axusg_lite_60ax_firmwarewax640s-6e_firmwarewax300hwax610dnwa1123acv3wax620d-6ewbe660snwa110ax_firmwarewac6552d-s_firmwarenwa130be_firmwarenwa55axewac500nwa50ax_prowax630s_firmwarewax510d_firmwarenwa50ax_pro_firmwarewac6503d-s_firmwarenwa1123-ac_pro_firmwarewac500_firmwarewax655enwa90ax_firmwarewax640s-6ewbe660s_firmwarewac6503d-swac6103d-inwa90axwac6553d-eusg_lite_60axwax510dwbe530_firmwarewax650s_firmwarewac6502d-swac6553d-e_firmwarewac6502d-s_firmwarewax655e_firmwarewac6552d-snwa130bewax610d_firmwarewac6103d-i_firmwarewax630snwa1123-ac_pronwa110axnwa220ax-6enwa90ax_prowax300h_firmwarewax650snwa1123acv3_firmwarenwa55axe_firmwareUSG LITE 60AX firmwareWAC500 firmwareWAX655E firmwareWBE530 firmwareNWA1123ACv3 firmwarewbe530_firmwarewac500_firmwarewax655e_firmwarenwa1123acv3_firmwareusg_lite_60ax_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-4474
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-16.28% / 94.68%
||
7 Day CHG+2.87%
Published-30 Nov, 2023 | 01:45
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas542_firmwarenas542nas326_firmwareNAS326 firmwareNAS542 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-30525
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.45% / 99.99%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 13:05
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-06||Apply updates per vendor instructions.

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_500_firmwarevpn300_firmwareusg20w-vpnvpn50atp100_firmwareatp100w_firmwareatp500_firmwareusg_flex_700_firmwareusg_flex_50w_firmwareatp700_firmwarevpn100atp800usg20w-vpn_firmwareusg_flex_100wusg_flex_200_firmwarevpn100_firmwareusg_flex_700atp100atp200atp800_firmwarevpn300usg_flex_100w_firmwarevpn1000atp200_firmwareusg_flex_500vpn1000_firmwareatp100wusg_flex_200atp700vpn50_firmwareusg_flex_50watp500USG FLEX 200 firmwareUSG FLEX 100(W) firmwareATP series firmwareUSG 20(W)-VPN firmwareUSG FLEX 50(W) firmwareUSG FLEX 500 firmwareVPN series firmwareUSG FLEX 700 firmwareMultiple Firewalls
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-4473
Matching Score-10
Assigner-Zyxel Corporation
ShareView Details
Matching Score-10
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-32.92% / 96.78%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 01:40
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas542_firmwarenas542nas326_firmwareNAS326 firmwareNAS542 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-0342
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-91.43% / 99.65%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 12:05
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg60_firmwarevpn100usg40_firmwareusg60w_firmwareatp100_firmwarensg300_firmwareatp100zywall_110atp800_firmwareusg_flex_200usg_flex_500_firmwareusg_flex_100usg_flex_100w_firmwareatp100watp100w_firmwarevpn300_firmwareusg_flex_200_firmwarevpn50_firmwareusg40w_firmwarezywall_1100atp200atp700nsg300usg_flex_700vpn100_firmwarevpn300usg40wusg_flex_100wusg60watp700_firmwareatp500_firmwareusg40atp800zywall_310_firmwareusg60vpn50usg_flex_100_firmwarevpn1000_firmwarezywall_110_firmwarezywall_310atp500usg_flex_700_firmwarezywall_1100_firmwarevpn1000usg_flex_500atp200_firmwareATP series firmwareNSG series firmwareVPN series firmwareUSG FLEX series firmwareUSG/ZyWALL series firmware
CWE ID-CWE-287
Improper Authentication
CVE-2023-28769
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-70.32% / 98.65%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx5401-b0_firmwaredx5401-b0DX5401-B0 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22920
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.19% / 78.50%
||
7 Day CHG+0.21%
Published-21 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte3316-m604lte3316-m604_firmwarelte3202-m437lte3202-m437_firmwareLTE3316-M604
CWE ID-CWE-284
Improper Access Control
CVE-2022-43389
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-8.6||HIGH
EPSS-1.31% / 79.54%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte3202-m437pmg5317-t20bpm7320-b0_firmwarepm7320-b0nebula_fwa710nr7102nr5103e_firmwarenebula_nr7101pmg5617ganr7103_firmwarenebula_fwa510nr7102_firmwarenr7101nebula_fwa510_firmwareep240p_firmwarenr7101_firmwarelte7490-m904nr7103nebula_fwa710_firmwarelte3316-m604_firmwarepmg5622galte7480-m804_firmwarenr5103enebula_nr7101_firmwarepmg5317-t20b_firmwarelte7490-m904_firmwarepmg5622ga_firmwarelte3316-m604nr5103_firmwarelte3202-m437_firmwarenr5103pmg5617ga_firmwarelte7480-m804ep240pNR7101 firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-40602
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 75.05%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-28 Apr, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-lte3301-m209_firmwarelte3301-m209LTE3301-M209
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-29974
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-47.60% / 97.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 01:34
Updated-22 Jan, 2025 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas542nas326_firmwarenas326nas542_firmwareNAS542 firmwareNAS326 firmwarenas542_firmwarenas326_firmware
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-38546
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.26%
||
7 Day CHG~0.00%
Published-21 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg7510nbg7510_firmwareNBG7510 firmware
CWE ID-CWE-284
Improper Access Control
CVE-2025-7673
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.08%
||
7 Day CHG-0.03%
Published-16 Jul, 2025 | 07:11
Updated-14 Jan, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg1312-t20bemg5723-t50k_firmwarevmg3927-t50kvmg8825-b50avmg8924-b10d_firmwarexmg8825-b50avmg8825-t50k_firmwarevmg3925-b10bemg5523-t50bxmg8825-b50a_firmwarevmg4005-b50b_firmwarevmg3927-t50k_firmwarevmg3927-b50bvmg8825-b60aemg3525-t50b_firmwareemg6726-b10avmg8825-b60a_firmwarevmg3625-t50b_firmwarevmg8825-t50kvmg3927-b50avmg4927-b50avmg3927-b60a_firmwareex5510-b0vmg3925-b10b_firmwarevmg8825-bx0b_firmwarevmg3925-b10cxmg3927-b50a_firmwarevmg4927-b50a_firmwarevmg3927-b50b_firmwarevmg3625-t50bex3510-b0vmg1312-t20b_firmwareemg5523-t50b_firmwareex3510-b0_firmwarevmg8623-t50b_firmwarevmg8924-b10demg3525-t50bemg5723-t50kvmg8623-t50bvmg3927-b50a_firmwarevmg8825-bx0bvmg8825-b50a_firmwarevmg3925-b10c_firmwareemg6726-b10a_firmwareex5510-b0_firmwarevmg3927-b60axmg3927-b50avmg4005-b50bVMG8825-T50K firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-11667
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-34.19% / 96.88%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 09:39
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-12-24||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_100atp100atp200usg_flex_100axatp800usg_flex_100watpusg_flex_500usg_flex_50zldatp100wusg_flex_200atp700usg_flex_50wusg_20w-vpnusg_flexusg_flex_700atp500USG FLEX 50(W) series firmwareUSG20(W)-VPN series firmwareATP series firmwareUSG FLEX series firmwareusg20-vpn_firmwareatp_firmwareusg_flex_50w_firmwareusg_flex_firmwareMultiple Firewalls
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-35029
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 71.97%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 10:29
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg110_firmwareusg40_firmwareusg60w_firmwareusg1000_firmwarezywall_atp700_firmwareusg2200-vpn_firmwareusg20-vpn_firmwarezywall_110usg2000usg_flex_100usg1900_firmwareusg50_firmwareusg_flex_100w_firmwarezywall_vpn300_firmwareusg100_firmwarezywall_atp200usg40w_firmwarezywall_vpn100_firmwarezywall_1100zywall_vpn100zywall_atp100w_firmwareusg1000usg300_firmwareusg60wzywall_atp800_firmwareusg200zywall_310_firmwareusg310zywall_atp100wzywall_atp500_firmwareusg20w_firmwarezywall_vpn300zywall_110_firmwarezywall_310usg20wzywall_1100_firmwareusg20w-vpn_firmwareusg_flex_500usg310_firmwareusg20usg60_firmwarezywall_atp700zywall_atp800usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg1100usg110usg2000_firmwareusg1100_firmwareusg_flex_200_firmwareusg20-vpnusg1900usg210_firmwarezywall_vpn50usg50usg20w-vpnusg300usg200_firmwareusg_flex_700usg40wusg_flex_100wusg100usg20_firmwarezywall_atp200_firmwarezywall_atp500usg2200-vpnusg40zywall_atp100usg210usg60usg_flex_100_firmwareusg_flex_700_firmwarezywall_vpn50_firmwareUSG FLEX series FirmwareATP series FirmwareVPN series FirmwareUSG/Zywall series Firmware
CWE ID-CWE-287
Improper Authentication
CVE-2022-34747
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.82% / 82.57%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 01:20
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas326nas326_firmwareZyxel NAS326 firmware
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-33009
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.17% / 90.65%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_100usg_flex_500_firmwarevpn300_firmwarevpn50atp100_firmwareatp500_firmwareatp100w_firmwareusg_flex_700_firmwareusg_40w_firmwareusg_40wusg_flex_50w_firmwareusg20-vpn_firmwareatp700_firmwarevpn100atp800usg_60w_firmwareusg_flex_200_firmwareusg_flex_100wusg_60wvpn100_firmwareusg_flex_50usg_flex_100_firmwareusg_60_firmwareusg_20w-vpn_firmwareusg20-vpnusg_60usg_flex_700usg_flex_50_firmwareatp100atp200atp800_firmwarevpn300usg_flex_100w_firmwarevpn1000atp200_firmwareusg_flex_500vpn1000_firmwareusg_40_firmwareusg_40atp100wusg_flex_200atp700vpn50_firmwareusg_flex_50wusg_20w-vpnatp500USG FLEX series firmwareATP series firmwareUSG20(W)-VPN firmwareUSG FLEX 50(W) firmwareVPN series firmwareZyWALL/USG series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33010
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.85% / 90.37%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-26||Apply updates per vendor instructions.

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_100usg_flex_500_firmwarevpn300_firmwarevpn50atp100_firmwareatp500_firmwareatp100w_firmwareusg_flex_700_firmwareusg_40w_firmwareusg_40wusg_flex_50w_firmwareusg20-vpn_firmwareatp700_firmwarevpn100atp800usg_60w_firmwareusg_flex_200_firmwareusg_flex_100wusg_60wvpn100_firmwareusg_flex_50usg_flex_100_firmwareusg_60_firmwareusg_20w-vpn_firmwareusg20-vpnusg_60usg_flex_700usg_flex_50_firmwareatp100atp200atp800_firmwarevpn300usg_flex_100w_firmwarevpn1000atp200_firmwareusg_flex_500vpn1000_firmwareusg_40_firmwareusg_40atp100wusg_flex_200atp700vpn50_firmwareusg_flex_50wusg_20w-vpnatp500USG FLEX series firmwareATP series firmwareUSG20(W)-VPN firmwareUSG FLEX 50(W) firmwareVPN series firmwareZyWALL/USG series firmwareMultiple Firewalls
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-0890
Matching Score-8
Assigner-Zyxel Corporation
ShareView Details
Matching Score-8
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 78.94%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 10:06
Updated-15 Dec, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg3312-b10asbg3300-n000_firmwarevmg3313-b10a_firmwarevmg1312-b10e_firmwarevmg8924-b10avmg1312-b10b_firmwarevmg3926-b10bvmg4380-b10asbg3300-n000vmg1312-b10a_firmwarevmg3312-b10a_firmwarevmg1312-b10evmg8924-b10a_firmwarevmg3313-b10asbg3500-n000_firmwarevmg4325-b10a_firmwaresbg3500-n000sbg3500-nb00_firmwarevmg3926-b10b_firmwarevmg8324-b10a_firmwaresbg3500-nb00sbg3300-nb00_firmwarevmg1312-b10bsbg3300-nb00vmg8324-b10avmg1312-b10avmg4380-b10a_firmwarevmg4325-b10aVMG4325-B10A firmware
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-13943
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-Not Assigned
Published-24 Feb, 2026 | 02:38
Updated-24 Feb, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-EX3301-T0 firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-1459
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.2||HIGH
EPSS-Not Assigned
Published-24 Feb, 2026 | 02:48
Updated-24 Feb, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-VMG3625-T50B firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-34141
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8||HIGH
EPSS-0.11% / 29.96%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 17:56
Updated-29 Oct, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn_300zywall_atp700zywall_atp700_firmwarezywall_vpn_50_firmwarezywall_atp800zywall_vpn_50usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwarezywall_vpn300_firmwareusg_flex_200_firmwareusg_2200-vpnzywall_atp200zywall_vpn50nxc5500zywall_vpn100_firmwarenxc2500zywall_vpn100usg_flex_700zywall_atp100w_firmwareusg_flex_100wzywall_atp800_firmwareusg_flex_50w_firmwarezywall_atp200_firmwareusg_20w-vpnzywall_atp500usg_20w-vpn_firmwarezywall_atp100usg_flex_100_firmwarenxc5500_firmwarezywall_atp100wzywall_atp500_firmwareusg_flex_50wnxc2500_firmwareusg_flex_50_firmwarezywall_vpn300zywall_vpn_300_firmwareusg_flex_700_firmwarezywall_vpn_100zywall_vpn2szywall_vpn2s_firmwarezywall_vpn50_firmwareusg_flex_500usg_flex_50zywall_vpn_100_firmwareUSG FLEX 50(W) series firmwareNXC5500 firmwareATP series firmwareVPN series firmwareNXC2500 firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmwarenxc2500_firmwareusg_flex_50w_firmwarevpn_firmwareusg20w-vpn_firmwarenxc5500_firmwareatpusg_flex
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-34139
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.12%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 17:36
Updated-29 Oct, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg_flex_50w_firmwarezywall_vpn_300zywall_vpn_50_firmwarezywall_vpn_50usg_flex_200usg_flex_500_firmwareusg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwarezywall_vpn300_firmwareusg_flex_100_firmwareusg_flex_200_firmwareusg_2200-vpnusg_flex_50wzywall_vpn50usg_flex_50_firmwarezywall_vpn300zywall_vpn100_firmwarezywall_vpn_300_firmwarezywall_vpn100usg_flex_700_firmwarezywall_vpn_100zywall_vpn2susg_flex_700zywall_vpn2s_firmwareusg_flex_100wzywall_vpn50_firmwareusg_flex_500usg_flex_50zywall_vpn_100_firmwareUSG FLEX series firmwareVPN series firmwarevpn_firmwareusg_flex_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-33012
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-7.72% / 91.76%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 17:23
Updated-05 Mar, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn_300zywall_atp700zywall_atp700_firmwarezywall_vpn_50_firmwarezywall_atp800zywall_vpn_50usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwarezywall_vpn300_firmwareusg_flex_200_firmwareusg_2200-vpnzywall_atp200zywall_vpn50zywall_vpn100_firmwarezywall_vpn100usg_flex_700zywall_atp100w_firmwareusg_flex_100wzywall_atp800_firmwareusg_flex_50w_firmwarezywall_atp200_firmwareusg_20w-vpnzywall_atp500usg_20w-vpn_firmwarezywall_atp100usg_flex_100_firmwarezywall_atp100wzywall_atp500_firmwareusg_flex_50wusg_flex_50_firmwarezywall_vpn300zywall_vpn_300_firmwareusg_flex_700_firmwarezywall_vpn_100zywall_vpn2szywall_vpn2s_firmwarezywall_vpn50_firmwareusg_flex_500usg_flex_50zywall_vpn_100_firmwareUSG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-33013
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-1.27% / 79.25%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 16:16
Updated-09 Oct, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg6604_firmwarenbg6604NBG6604 firmwarenbg6604_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-42060
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.2||HIGH
EPSS-0.65% / 70.53%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:54
Updated-13 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_100axusg_flex_700usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmwareATP series firmwareusg_flex_50w_firmwareatp800_firmwareusg_flex_700h_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-42057
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.1||HIGH
EPSS-2.88% / 86.05%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:43
Updated-13 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_100axusg_flex_700usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmwareATP series firmwareusg_flex_50w_firmwareatp800_firmwareusg_flex_700h_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-42059
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.2||HIGH
EPSS-0.65% / 70.53%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:51
Updated-13 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_20w-vpnatp100atp800usg_flex_200usg_flex_100atp100wusg_flex_50watp200atp500atp700usg_flex_100axusg_flex_700usg_flex_100wusg_flex_500usg_flex_50USG FLEX 50(W) series firmwareUSG20(W)-VPN series firmwareUSG FLEX series firmwareATP series firmwareusg_flex_50w_firmwareatp800_firmwareusg_flex_700h_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-40890
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-13.04% / 93.94%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 09:55
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-04||The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg3312-b10a_firmwarevmg1312-b10b_firmwarevmg3926-b10b_firmwarevmg3926-b10bsbg3300-n000_firmwarevmg4325-b10a_firmwarevmg1312-b10bvmg4325-b10avmg4380-b10avmg4380-b10a_firmwaresbg3300-nb00_firmwaresbg3300-nb00vmg1312-b10e_firmwarevmg1312-b10a_firmwaresbg3500-nb00sbg3500-n000_firmwarevmg3312-b10asbg3500-nb00_firmwarevmg3313-b10a_firmwarevmg1312-b10avmg1312-b10evmg8924-b10a_firmwarevmg8924-b10avmg8324-b10a_firmwarevmg3313-b10avmg8324-b10asbg3300-n000VMG4325-B10A firmwareDSL CPE Devices
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-4029
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 69.14%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 14:25
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg6816nbg6816_firmwarenbg6817_firmwarenbg6817ARMOR Z2 (NBG6817) firmwareARMOR Z1 (NBG6816) firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-28767
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.69%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 16:59
Updated-07 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn_300zywall_atp700zywall_atp700_firmwarezywall_vpn_50_firmwarezywall_atp800zywall_vpn_50usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwarezywall_vpn300_firmwareusg_flex_200_firmwareusg_2200-vpnzywall_atp200zywall_vpn50zywall_vpn100_firmwarezywall_vpn100usg_flex_700zywall_atp100w_firmwareusg_flex_100wzywall_atp800_firmwareusg_flex_50w_firmwarezywall_atp200_firmwareusg_20w-vpnzywall_atp500usg_20w-vpn_firmwarezywall_atp100usg_flex_100_firmwarezywall_atp100wzywall_atp500_firmwareusg_flex_50wusg_flex_50_firmwarezywall_vpn300zywall_vpn_300_firmwareusg_flex_700_firmwarezywall_vpn_100zywall_vpn2szywall_vpn2s_firmwarezywall_vpn50_firmwareusg_flex_500usg_flex_50zywall_vpn_100_firmwareUSG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmwareusg_flex_series_firmwareusg_flex_50\/w\/_series_firmwareatp_series_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-27991
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-0.98% / 76.44%
||
7 Day CHG+0.01%
Published-24 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vpn100atp100_firmwareatp100atp800_firmwareusg20-vpn_firmwareusg_flex_200usg_flex_500_firmwareusg_flex_100usg_flex_100w_firmwareatp100watp100w_firmwarevpn300_firmwareusg_flex_200_firmwarevpn50_firmwareusg20-vpnatp200atp700usg_flex_700vpn100_firmwarevpn300usg_flex_100wusg_flex_50w_firmwareusg_20w-vpnatp700_firmwareatp500_firmwareusg_20w-vpn_firmwareatp800vpn1000_firmwarevpn50usg_flex_100_firmwareusg_flex_50wusg_flex_50_firmwareatp500usg_flex_700_firmwarevpn1000usg_flex_500usg_flex_50atp200_firmwareUSG20(W)-VPN firmwareVPN series firmwareUSG FLEX 50(W) firmwareATP series firmwareUSG FLEX series firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-34138
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8||HIGH
EPSS-0.11% / 29.96%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 17:31
Updated-30 Oct, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn_300zywall_atp700zywall_atp700_firmwarezywall_vpn_50_firmwarezywall_atp800zywall_vpn_50usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg_2200-vpn_firmwareusg_flex_100usg_flex_100w_firmwarezywall_vpn300_firmwareusg_flex_200_firmwareusg_2200-vpnzywall_atp200zywall_vpn50zywall_vpn100_firmwarezywall_vpn100usg_flex_700zywall_atp100w_firmwareusg_flex_100wzywall_atp800_firmwareusg_flex_50w_firmwarezywall_atp200_firmwareusg_20w-vpnzywall_atp500usg_20w-vpn_firmwarezywall_atp100usg_flex_100_firmwarezywall_atp100wzywall_atp500_firmwareusg_flex_50wusg_flex_50_firmwarezywall_vpn300zywall_vpn_300_firmwareusg_flex_700_firmwarezywall_vpn_100zywall_vpn2szywall_vpn2s_firmwarezywall_vpn50_firmwareusg_flex_500usg_flex_50zywall_vpn_100_firmwareUSG FLEX 50(W) series firmwareATP series firmwareVPN series firmwareUSG FLEX series firmwareUSG20(W)-VPN series firmwareusg_flex_50w_firmwarevpn_firmwareatp_firmwareusg20w-vpn_firmwareusg_flex_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-27988
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.2||HIGH
EPSS-0.43% / 61.82%
||
7 Day CHG+0.09%
Published-30 May, 2023 | 00:00
Updated-14 Jan, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nas542nas540nas540_firmwarenas542_firmwarenas326nas326_firmwareNAS326 firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-22919
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-1.11% / 77.82%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 00:00
Updated-30 Jan, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg6604_firmwarenbg6604NBG6604 firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-35032
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 10.78%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 10:42
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpgs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-48hpgs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-48hp_firmwaregs1900-16_firmwaregs1900-10hp_firmwaregs1900-16gs1900-24hp_firmwaregs1900-24hpGS1900 series firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-40891
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-8.8||HIGH
EPSS-39.30% / 97.19%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 10:02
Updated-27 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-04||The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg3312-b10a_firmwarevmg1312-b10b_firmwarevmg3926-b10b_firmwarevmg3926-b10bsbg3300-n000_firmwarevmg4325-b10a_firmwarevmg1312-b10bvmg4325-b10avmg4380-b10avmg4380-b10a_firmwaresbg3300-nb00_firmwaresbg3300-nb00vmg1312-b10e_firmwarevmg1312-b10a_firmwaresbg3500-nb00sbg3500-n000_firmwarevmg3312-b10asbg3500-nb00_firmwarevmg3313-b10a_firmwarevmg1312-b10avmg1312-b10evmg8924-b10a_firmwarevmg8924-b10avmg8324-b10a_firmwarevmg3313-b10avmg8324-b10asbg3300-n000VMG4325-B10A firmwareDSL CPE Devices
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-35028
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.33%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 10:35
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn2s_firmwarezywall_vpn2sZyWALL VPN2S Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-35031
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.64%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 10:36
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpxgs1250-12gs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-48hpgs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwarexgs1210-12xgs1250-12_firmwaregs1900-24hp_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-48hp_firmwaregs1900-16_firmwaregs1900-10hp_firmwaregs1900-16xgs1210-12_firmwaregs1900-24hpGS1900 series firmwareXGS1210 series firmwareXGS1250 series firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-43390
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-5.4||MEDIUM
EPSS-2.50% / 85.07%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex5601-t1_firmwaredx3301-t0vmg4005-b50aex5512-t0_firmwarepm5100-t0_firmwarevmg3927-t50kpm7320-b0vmg8825-t50kdx5401-b0ex5601-t1ax7501-b0ex3510-b0nebula_nr5101vmg8623-t50bemg3525-t50bnr7102_firmwarevmg8825-t50k_firmwarepm7300-t0_firmwareemg5723-t50kdx3301-t0_firmwarepmg5622gaex5510-b0_firmwarenebula_nr7101_firmwarepmg5317-t20b_firmwarepmg5617-t20b2lte7490-m904_firmwarepmg5622ga_firmwareex5401-b0_firmwarewx3401-b0_firmwareex5512-t0ex5600-t1dx4510-b1pm3100-t0_firmwarewx3100-t0_firmwareemg5523-t50bvmg8623-t50b_firmwarewx3100-t0vmg4005-b60apmg5317-t20bex5501-b0dx4510-b1_firmwarepm7320-b0_firmwareex5510-b0pmg5617-t20b2_firmwarevmg4005-b60a_firmwarenr7102ex5601-t0_firmwarevmg4005-b50a_firmwareex5501-b0_firmwaredx5401-b0_firmwareex3301-t0ex5401-b0nebula_nr7101nr5101_firmwarepmg5617gaex3510-b0_firmwarewx3401-b0pm5100-t0nr7101ax7501-b0_firmwareemg5723-t50k_firmwarevmg3927-t50k_firmwarepm3100-t0nr7101_firmwarelte7490-m904ex5601-t0ex5600-t1_firmwarelte7480-m804_firmwarenebula_nr5101_firmwarewx5600-t0emg5523-t50b_firmwarenr5101pm7300-t0ex3301-t0_firmwarepmg5617ga_firmwarelte7480-m804emg3525-t50b_firmwarewx5600-t0_firmwareNR7101 firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8881
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.71%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 01:17
Updated-14 Nov, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpgs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-16_firmwaregs1900-10hp_firmwaregs1900-16GS1900-48 firmwaregs1900-48_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-9200
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.2||HIGH
EPSS-0.46% / 63.53%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 01:33
Updated-21 Jan, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-vmg4005-b50bvmg4005-b50a_firmwarevmg4005-b60a_firmwarevmg4005-b50avmg4005-b50b_firmwareemg6726-b10avmg4927-b50avmg3927-b50bvmg4927-b50a_firmwarevmg3927-b50b_firmwarevmg4005-b60aemg6726-b10a_firmwareVMG4005-B50A firmwarevmg4005-b50a_firmwarevmg4927-b50a_firmwareemg6726-b10a_firmwarevmg4005-b50b_firmwarevmg3927-b50b_firmwarevmg4005-b60a_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7203
Matching Score-6
Assigner-Zyxel Corporation
ShareView Details
Matching Score-6
Assigner-Zyxel Corporation
CVSS Score-7.2||HIGH
EPSS-0.92% / 75.60%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:36
Updated-13 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldusg_flex_50watp200atp500atp700atp100usg_flex_100axatp800usg_flex_200usg_flex_700usg_flex_100atp100wusg_flex_100wusg_flex_500usg_flex_50ATP series firmwareUSG FLEX series firmwareatp800_firmwareusg_flex_700h_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 28
  • 29
  • Next
Details not found