Zyxel Usg60W Firmware vulnerabilities

CVE-2022-38547 [HIGH] CWE-78 CVE-2022-38547: A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator pr

CVE-2022-40603 [MEDIUM] CWE-79 CVE-2022-40603: A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware ve A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL

CVE-2022-30526 [HIGH] CWE-269 CVE-2022-30526: A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firm A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmw

CVE-2022-2030 [MEDIUM] CWE-22 CVE-2022-2030: A directory traversal vulnerability caused by specific character sequences within an improperly sani A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.

CVE-2022-0342 [CRITICAL] CWE-287 CVE-2022-0342: An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versio An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow

CVE-2021-35029 [CRITICAL] CWE-287 CVE-2021-35029: An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall se An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

CVE-2020-29583 [CRITICAL] CWE-522 CVE-2020-29583: Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchange Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.

CVE-2020-9054 [CRITICAL] CWE-78 CVE-2020-9054: Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-au Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to

CVE-2019-9955 [MEDIUM] CWE-79 CVE-2019-9955: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210 On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.