Zyxel Usg 2200-Vpn Firmware vulnerabilities
13 known vulnerabilities affecting zyxel/usg_2200-vpn_firmware.
Total CVEs
13
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH9MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-34138HIGHCVSS 8.0≥ 4.60, < 5.372023-07-17
CVE-2023-34138 [HIGH] CWE-78 CVE-2023-34138: A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware
A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware
nvd
CVE-2023-33011HIGHCVSS 8.8≥ 5.00, < 5.372023-07-17
CVE-2023-33011 [HIGH] CWE-134 CVE-2023-33011: A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, U
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, c
nvd
CVE-2023-34139HIGHCVSS 8.8≥ 4.20, < 5.372023-07-17
CVE-2023-34139 [HIGH] CWE-78 CVE-2023-34139: A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series
A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
nvd
CVE-2023-34141HIGHCVSS 8.0≥ 5.00, < 5.372023-07-17
CVE-2023-34141 [HIGH] CWE-78 CVE-2023-34141: A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP serie
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series fir
nvd
CVE-2023-33012HIGHCVSS 8.8≥ 5.00, < 5.372023-07-17
CVE-2023-33012 [HIGH] CWE-78 CVE-2023-33012: A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versi
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versio
nvd
CVE-2023-28767HIGHCVSS 8.8≥ 5.00, < 5.372023-07-17
CVE-2023-28767 [HIGH] CWE-78 CVE-2023-28767: The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware ve
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36,
USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An una
nvd
CVE-2023-34140MEDIUMCVSS 6.5≥ 4.30, < 5.372023-07-17
CVE-2023-34140 [MEDIUM] CWE-120 CVE-2023-34140: A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2,
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, N
nvd
CVE-2022-30526HIGHCVSS 7.8PoC≥ 4.30, ≤ 5.302022-07-19
CVE-2022-30526 [HIGH] CWE-269 CVE-2022-30526: A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firm
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmw
nvd
CVE-2022-2030MEDIUMCVSS 6.5≥ 4.30, ≤ 5.302022-07-19
CVE-2022-2030 [MEDIUM] CWE-22 CVE-2022-2030: A directory traversal vulnerability caused by specific character sequences within an improperly sani
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.
nvd
CVE-2022-26532HIGHCVSS 7.8≥ 4.09, ≤ 4.712022-05-24
CVE-2022-26532 [HIGH] CWE-88 CVE-2022-26532: A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firm
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware
nvd
CVE-2022-26531HIGHCVSS 7.8PoC≥ 4.09, ≤ 4.712022-05-24
CVE-2022-26531 [MEDIUM] CWE-20 CVE-2022-26531: Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL se
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC25
nvd
CVE-2022-0910MEDIUMCVSS 6.5≥ 4.32, ≤ 4.712022-05-24
CVE-2022-0910 [MEDIUM] CWE-287 CVE-2022-0910: A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI pro
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticat
nvd
CVE-2022-0734MEDIUMCVSS 6.1≥ 4.35, ≤ 4.702022-05-24
CVE-2022-0734 [MEDIUM] CWE-79 CVE-2022-0734: A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series fi
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in
nvd