Zyxel Usg Flex 50 Firmware vulnerabilities
23 known vulnerabilities affecting zyxel/usg_flex_50_firmware.
Total CVEs
23
CISA KEV
3
actively exploited
Public exploits
1
Exploited in wild
3
Severity breakdown
CRITICAL3HIGH15MEDIUM5
Vulnerabilities
Page 2 of 2
CVE-2023-27990MEDIUMCVSS 4.8≥ 4.50, < 5.362023-04-24
CVE-2023-27990 [MEDIUM] CWE-79 CVE-2023-27990: The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35
The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker
nvd
CVE-2023-22918MEDIUMCVSS 6.5≥ 4.50, < 5.362023-04-24
CVE-2023-22918 [MEDIUM] CWE-359 CVE-2023-22918: A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firm
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmwa
nvd
CVE-2022-38547HIGHCVSS 7.2≥ 4.50, ≤ 5.322023-02-07
CVE-2022-38547 [HIGH] CWE-78 CVE-2022-38547: A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator pr
nvd
← Previous2 / 2