Zyxel Nwa90Ax-Pro Firmware vulnerabilities
5 known vulnerabilities affecting zyxel/nwa90ax-pro_firmware.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2024-1575MEDIUMCVSS 6.5fixed in 7.00\(acgf.1\)2024-07-23
CVE-2024-1575 [MEDIUM] CWE-269 CVE-2024-1575: The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) a
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.
nvd
CVE-2023-6398HIGHCVSS 7.2fixed in 6.80\(acgf.0\)2024-02-20
CVE-2023-6398 [HIGH] CWE-78 CVE-2023-6398: A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1,
nvd
CVE-2023-37925MEDIUMCVSS 5.5fixed in 6.80\(acgf.0\)2023-11-28
CVE-2023-37925 [MEDIUM] CWE-269 CVE-2023-37925: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firm
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, N
nvd
CVE-2023-5797MEDIUMCVSS 5.5fixed in 6.80\(acgf.0\)2023-11-28
CVE-2023-5797 [MEDIUM] CWE-269 CVE-2023-5797: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firm
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA
nvd
CVE-2023-22918MEDIUMCVSS 6.5≤ 6.50\(acgf.0\)2023-04-24
CVE-2023-22918 [MEDIUM] CWE-359 CVE-2023-22918: A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firm
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmwa
nvd