Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Zyxel Corporation

#96e50032-ad0d-4058-a115-4d2c13821f9f
PolicyEmail

Short Name

Zyxel

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

zyxel.com.tw

Country

Taiwan

Scope

Zyxel products issues only.
Reported CVEsVendorsProductsReports
158Vulnerabilities found
CVE-2021-35034
Assigner-Zyxel Corporation
ShareView Details
Assigner-Zyxel Corporation
CVSS Score-7.4||HIGH
EPSS-0.33% / 55.99%
||
7 Day CHG~0.00%
Published-29 Dec, 2021 | 12:36
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-nbg6604_firmwarenbg6604NBG6604 series firmware
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2021-35032
Assigner-Zyxel Corporation
ShareView Details
Assigner-Zyxel Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 10.93%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 10:42
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpgs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-48hpgs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-48hp_firmwaregs1900-16_firmwaregs1900-10hp_firmwaregs1900-16gs1900-24hp_firmwaregs1900-24hpGS1900 series firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-35031
Assigner-Zyxel Corporation
ShareView Details
Assigner-Zyxel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 10:36
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpxgs1250-12gs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-48hpgs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwarexgs1210-12xgs1250-12_firmwaregs1900-24hp_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-48hp_firmwaregs1900-16_firmwaregs1900-10hp_firmwaregs1900-16xgs1210-12_firmwaregs1900-24hpGS1900 series firmwareXGS1210 series firmwareXGS1250 series firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-35033
Assigner-Zyxel Corporation
ShareView Details
Assigner-Zyxel Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 21:20
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-wsq20wsq20_firmwarenbg6818nbg7815_firmwarewsq60nbg7815wsr30_firmwarewsq50wsr30wsq50_firmwarewsq60_firmwarenbg6818_firmwareWSQ50 series firmwareWSR30 series firmwareWSQ60 series firmwareNBG7815 series firmwareWSQ20 series firmwareNBG6818 series firmware
CWE ID-CWE-260
Password in Configuration File
CWE ID-CWE-287
Improper Authentication
CVE-2021-35028
Assigner-Zyxel Corporation
ShareView Details
Assigner-Zyxel Corporation
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.10%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 10:35
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn2s_firmwarezywall_vpn2sZyWALL VPN2S Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-35027
Assigner-Zyxel Corporation
ShareView Details
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.24%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 10:32
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zywall_vpn2s_firmwarezywall_vpn2sZyWALL VPN2S Firmware
CWE ID-CWE-27
Path Traversal: 'dir/../../filename'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-35030
Assigner-Zyxel Corporation
ShareView Details
Assigner-Zyxel Corporation
CVSS Score-3.5||LOW
EPSS-0.11% / 29.82%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 11:20
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpgs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-48hpgs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-48hp_firmwaregs1900-16_firmwaregs1900-10hp_firmwaregs1900-16gs1900-24hp_firmwaregs1900-24hpGS1900-8 Firmware
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-35029
Assigner-Zyxel Corporation
ShareView Details
Assigner-Zyxel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.29%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 10:29
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-usg110_firmwareusg40_firmwareusg60w_firmwareusg1000_firmwarezywall_atp700_firmwareusg2200-vpn_firmwareusg20-vpn_firmwarezywall_110usg2000usg_flex_100usg1900_firmwareusg50_firmwareusg_flex_100w_firmwarezywall_vpn300_firmwareusg100_firmwarezywall_atp200usg40w_firmwarezywall_vpn100_firmwarezywall_1100zywall_vpn100zywall_atp100w_firmwareusg1000usg300_firmwareusg60wzywall_atp800_firmwareusg200zywall_310_firmwareusg310zywall_atp100wzywall_atp500_firmwareusg20w_firmwarezywall_vpn300zywall_110_firmwarezywall_310usg20wzywall_1100_firmwareusg20w-vpn_firmwareusg_flex_500usg310_firmwareusg20usg60_firmwarezywall_atp700zywall_atp800usg_flex_200zywall_atp100_firmwareusg_flex_500_firmwareusg1100usg110usg2000_firmwareusg1100_firmwareusg_flex_200_firmwareusg20-vpnusg1900usg210_firmwarezywall_vpn50usg50usg20w-vpnusg300usg200_firmwareusg_flex_700usg40wusg_flex_100wusg100usg20_firmwarezywall_atp200_firmwarezywall_atp500usg2200-vpnusg40zywall_atp100usg210usg60usg_flex_100_firmwareusg_flex_700_firmwarezywall_vpn50_firmwareUSG FLEX series FirmwareATP series FirmwareVPN series FirmwareUSG/Zywall series Firmware
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next