Zyxel Usg2200 Firmware vulnerabilities
6 known vulnerabilities affecting zyxel/usg2200_firmware.
Total CVEs
6
CISA KEV
2
actively exploited
Public exploits
3
Exploited in wild
2
Severity breakdown
CRITICAL2HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-26532HIGHCVSS 7.8≥ 4.09, ≤ 4.712022-05-24
CVE-2022-26532 [HIGH] CWE-88 CVE-2022-26532: A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firm
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware
nvd
CVE-2022-26531HIGHCVSS 7.8PoC≥ 4.09, ≤ 4.712022-05-24
CVE-2022-26531 [MEDIUM] CWE-20 CVE-2022-26531: Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL se
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC25
nvd
CVE-2022-0910MEDIUMCVSS 6.5≥ 4.32, ≤ 4.712022-05-24
CVE-2022-0910 [MEDIUM] CWE-287 CVE-2022-0910: A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI pro
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticat
nvd
CVE-2022-0734MEDIUMCVSS 6.1≥ 4.35, ≤ 4.702022-05-24
CVE-2022-0734 [MEDIUM] CWE-79 CVE-2022-0734: A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series fi
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in
nvd
CVE-2020-29583CRITICALCVSS 9.8KEVPoCv4.602020-12-22
CVE-2020-29583 [CRITICAL] CWE-522 CVE-2020-29583: Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchange
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
nvd
CVE-2020-9054CRITICALCVSS 9.8KEVPoC≥ 4.35, < 4.35\(abae.3\)c02020-03-04
CVE-2020-9054 [CRITICAL] CWE-78 CVE-2020-9054: Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-au
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to
nvd