Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Atp500_firmware
(Zyxel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-04 | CVE-2020-9054 | Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command... | Atp100_firmware, Atp200_firmware, Atp500_firmware, Atp800_firmware, Nas326_firmware, Nas520_firmware, Nas540_firmware, Nas542_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall1100_firmware, Zywall110_firmware, Zywall310_firmware | 9.8 | ||
| 2020-12-22 | CVE-2020-29583 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall1100_firmware, Zywall110_firmware, Zywall310_firmware | 9.8 | ||
| 2023-05-24 | CVE-2023-33009 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS)... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg_20w\-Vpn_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | N/A | ||
| 2023-05-24 | CVE-2023-33010 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg_20w\-Vpn_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 9.8 | ||
| 2024-02-20 | CVE-2023-6398 | A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nwa110ax_firmware, Nwa1123acv3_firmware, Nwa210ax_firmware, Nwa220ax\-6e_firmware, Nwa50ax\-Pro_firmware, Nwa50ax_firmware, Nwa55axe_firmware, Nwa90ax\-Pro_firmware, Nwa90ax_firmware, Uos, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100ax_firmware, Usg_flex_100h_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_200h_firmware, Usg_flex_200hp_firmware, Usg_flex_500_firmware, Usg_flex_500h_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Usg_flex_700h_firmware, Wac500_firmware, Wac500h_firmware, Wax300h_firmware, Wax510d_firmware, Wax610d_firmware, Wax620d\-6e_firmware, Wax630s_firmware, Wax640s\-6e_firmware, Wax650s_firmware, Wax655e_firmware, Wbe660s_firmware | N/A | ||
| 2024-02-20 | CVE-2023-6397 | A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg_flex_100_firmware, Usg_flex_100ax_firmware, Usg_flex_100h_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_200h_firmware, Usg_flex_200hp_firmware, Usg_flex_500_firmware, Usg_flex_500h_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Usg_flex_700h_firmware | 5.3 | ||
| 2024-02-20 | CVE-2023-6399 | A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Uos, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100ax_firmware, Usg_flex_100h_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_200h_firmware, Usg_flex_200hp_firmware, Usg_flex_500_firmware, Usg_flex_500h_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Usg_flex_700h_firmware | 6.5 | ||
| 2024-02-20 | CVE-2023-6764 | A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100ax_firmware, Usg_flex_100h_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_200h_firmware, Usg_flex_200hp_firmware, Usg_flex_500_firmware, Usg_flex_500h_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Usg_flex_700h_firmware | N/A | ||
| 2022-03-28 | CVE-2022-0342 | An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nsg300_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware | 9.8 | ||
| 2022-05-12 | CVE-2022-30525 | A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20w\-Vpn_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 9.8 |