Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Atp700_firmware
(Zyxel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-22 | CVE-2020-29583 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg1100_firmware, Usg110_firmware, Usg1900_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg210_firmware, Usg2200_firmware, Usg310_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall1100_firmware, Zywall110_firmware, Zywall310_firmware | 9.8 | ||
| 2023-05-24 | CVE-2023-33009 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS)... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg_20w\-Vpn_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | N/A | ||
| 2023-05-24 | CVE-2023-33010 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg_20w\-Vpn_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 9.8 | ||
| 2024-02-20 | CVE-2023-6398 | A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nwa110ax_firmware, Nwa1123acv3_firmware, Nwa210ax_firmware, Nwa220ax\-6e_firmware, Nwa50ax\-Pro_firmware, Nwa50ax_firmware, Nwa55axe_firmware, Nwa90ax\-Pro_firmware, Nwa90ax_firmware, Uos, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100ax_firmware, Usg_flex_100h_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_200h_firmware, Usg_flex_200hp_firmware, Usg_flex_500_firmware, Usg_flex_500h_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Usg_flex_700h_firmware, Wac500_firmware, Wac500h_firmware, Wax300h_firmware, Wax510d_firmware, Wax610d_firmware, Wax620d\-6e_firmware, Wax630s_firmware, Wax640s\-6e_firmware, Wax650s_firmware, Wax655e_firmware, Wbe660s_firmware | N/A | ||
| 2024-02-20 | CVE-2023-6397 | A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg_flex_100_firmware, Usg_flex_100ax_firmware, Usg_flex_100h_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_200h_firmware, Usg_flex_200hp_firmware, Usg_flex_500_firmware, Usg_flex_500h_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Usg_flex_700h_firmware | 5.3 | ||
| 2024-02-20 | CVE-2023-6399 | A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Uos, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100ax_firmware, Usg_flex_100h_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_200h_firmware, Usg_flex_200hp_firmware, Usg_flex_500_firmware, Usg_flex_500h_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Usg_flex_700h_firmware | 6.5 | ||
| 2024-02-20 | CVE-2023-6764 | A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20\-Vpn_firmware, Usg20w\-Vpn_firmware, Usg_flex_100_firmware, Usg_flex_100ax_firmware, Usg_flex_100h_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_200h_firmware, Usg_flex_200hp_firmware, Usg_flex_500_firmware, Usg_flex_500h_firmware, Usg_flex_50_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Usg_flex_700h_firmware | N/A | ||
| 2022-03-28 | CVE-2022-0342 | An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Nsg300_firmware, Usg40_firmware, Usg40w_firmware, Usg60_firmware, Usg60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware, Zywall_1100_firmware, Zywall_110_firmware, Zywall_310_firmware | 9.8 | ||
| 2022-05-12 | CVE-2022-30525 | A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware... | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg20w\-Vpn_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_50w_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 9.8 | ||
| 2022-05-24 | CVE-2022-0734 | A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. | Atp100_firmware, Atp100w_firmware, Atp200_firmware, Atp500_firmware, Atp700_firmware, Atp800_firmware, Usg200_firmware, Usg20_firmware, Usg210_firmware, Usg2200_firmware, Usg300_firmware, Usg310_firmware, Usg_1100_firmware, Usg_110_firmware, Usg_1900_firmware, Usg_20w\-Vpn_firmware, Usg_20w_firmware, Usg_2200\-Vpn_firmware, Usg_310_firmware, Usg_40_firmware, Usg_40w_firmware, Usg_60_firmware, Usg_60w_firmware, Usg_flex_100_firmware, Usg_flex_100w_firmware, Usg_flex_200_firmware, Usg_flex_500_firmware, Usg_flex_700_firmware, Vpn1000_firmware, Vpn100_firmware, Vpn300_firmware, Vpn50_firmware | 6.1 |