Zyxel Nwa210Ax Firmware vulnerabilities

CVE-2025-6265 [HIGH] CWE-22 CVE-2025-6265: A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware vers A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device.

CVE-2024-12398 [HIGH] CWE-269 CVE-2024-12398: An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 f An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a

CVE-2024-7261 [CRITICAL] CWE-78 CVE-2024-7261: The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP

CVE-2024-1575 [MEDIUM] CWE-269 CVE-2024-1575: The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) a The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.

CVE-2023-6398 [HIGH] CWE-78 CVE-2023-6398: A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1,

CVE-2023-37925 [MEDIUM] CWE-269 CVE-2023-37925: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firm An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, N

CVE-2023-5797 [MEDIUM] CWE-269 CVE-2023-5797: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firm An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA

CVE-2023-22918 [MEDIUM] CWE-359 CVE-2023-22918: A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firm A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmwa

CVE-2022-45854 [MEDIUM] CWE-754 CVE-2022-45854: An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0 An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker.

CVE-2022-26532 [HIGH] CWE-88 CVE-2022-26532: A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firm A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware

CVE-2022-26531 [MEDIUM] CWE-20 CVE-2022-26531: Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL se Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC25