Zyxel USG FLEX Series Firmware vulnerabilities

50 known vulnerabilities affecting zyxel/usg_flex_series_firmware.

Total CVEs: 50
CISA KEV: 4 (actively exploited)
Public exploits: 3
Exploited in the wild: 4
Severity breakdown: CRITICAL 6, HIGH 26, MEDIUM 18

Vulnerabilities

Page 1 of 3
CVE-2025-11730 | HIGH | CVSS 7.2 | affected USG FLEX firmware: versions from V5.35 through V5.41 | 2026-02-05
CWE-78: A post-authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmware versions from V5.35 through V5.41, and USG20(W)-VPN series firmware versions from V5.35 throu
Sources: cvelistv5, nvd
CVE-2025-8078 | HIGH | CVSS 7.2 | affected USG FLEX firmware: versions from V4.50 through V5.40 | 2025-10-21
CWE-78: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with ad
Sources: cvelistv5, nvd
CVE-2025-9133 | HIGH | CVSS 8.1 | affected USG FLEX firmware: versions from V4.50 through V5.40 | 2025-10-21
CWE-862: A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed
Sources: cvelistv5, nvd
CVE-2024-11667 | CRITICAL | CVSS 9.8 | CISA KEV | affected USG FLEX firmware: versions V5.00 through V5.38 | 2024-11-27
CWE-22: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload fil
Note: the description record on this page rates this entry HIGH while the header scores it CVSS 9.8 CRITICAL; the CISA KEV listing is the operative prioritisation signal either way.
Sources: cvelistv5, nvd
CVE-2024-42060 | HIGH | CVSS 7.2 | affected USG FLEX firmware: versions V4.50 through V5.38 | 2024-09-03
CWE-78: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with
Sources: cvelistv5, nvd
CVE-2024-42057 | HIGH | CVSS 8.1 | affected USG FLEX firmware: versions V4.50 through V5.38 | 2024-09-03
CWE-78: A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacke
Sources: cvelistv5, nvd
CVE-2024-42058 | HIGH | CVSS 7.5 | affected USG FLEX firmware: versions V4.50 through V5.38 | 2024-09-03
CWE-476: A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS co
Sources: cvelistv5, nvd
CVE-2024-42059 | HIGH | CVSS 7.2 | affected USG FLEX firmware: versions V5.00 through V5.38 | 2024-09-03
CWE-78: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with
Sources: cvelistv5, nvd
CVE-2024-7203 | HIGH | CVSS 7.2 | affected USG FLEX firmware: versions V4.60 through V5.38 | 2024-09-03
CWE-78: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.
Sources: cvelistv5, nvd
CVE-2024-42061 | MEDIUM | CVSS 6.1 | affected USG FLEX firmware: versions V4.50 through V5.38 | 2024-09-03
CWE-79: A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 co
Sources: cvelistv5, nvd
CVE-2024-6343 | MEDIUM | CVSS 4.9 | affected USG FLEX firmware: versions V4.50 through V5.38 | 2024-09-03
CWE-120: A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with adm
Sources: cvelistv5, nvd
CVE-2023-6398 | HIGH | CVSS 7.2 | affected USG FLEX firmware: versions 4.50 through 5.37 Patch 1 | 2024-02-20
CWE-78: A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1,
Sources: cvelistv5, nvd
CVE-2023-6764 | HIGH | CVSS 8.1 | affected USG FLEX firmware: versions 4.50 through 5.37 Patch 1 | 2024-02-20
CWE-134: A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could
Sources: cvelistv5, nvd
CVE-2023-6399 | MEDIUM | CVSS 6.5 | affected USG FLEX firmware: versions 4.50 through 5.37 Patch 1 | 2024-02-20
CWE-134: A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1
Sources: cvelistv5, nvd
CVE-2023-6397 | MEDIUM | CVSS 5.3 | affected USG FLEX firmware: versions 4.50 through 5.37 Patch 1 | 2024-02-20
CWE-476: A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-M
Sources: cvelistv5, nvd
CVE-2023-4398 | HIGH | CVSS 7.5 | affected USG FLEX firmware: versions 4.50 through 5.37 | 2023-11-28
CWE-190: An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series fir
Sources: cvelistv5, nvd
CVE-2023-37925 | MEDIUM | CVSS 5.5 | affected USG FLEX firmware: versions 4.50 through 5.37 | 2023-11-28
CWE-269: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, N
Sources: cvelistv5, nvd
CVE-2023-35139 | MEDIUM | CVSS 6.1 | affected USG FLEX firmware: versions 5.00 through 5.37 | 2023-11-28
CWE-79: A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could al
Sources: cvelistv5, nvd
CVE-2023-5960 | MEDIUM | CVSS 5.5 | affected USG FLEX firmware: versions 4.50 through 5.37 | 2023-11-28
CWE-269: An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.
Sources: cvelistv5, nvd
CVE-2023-5797 | MEDIUM | CVSS 5.5 | affected USG FLEX firmware: versions 4.50 through 5.37 | 2023-11-28
CWE-269: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA
Sources: cvelistv5, nvd
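The practical question this listing raises is "which of these apply to the firmware my USG FLEX is actually running?", and Zyxel's version strings ("V5.38", "5.37 Patch 1") do not compare correctly as plain strings. The following is an added example, not Zyxel tooling and not part of the listing: it parses those version strings so that a "Patch N" release sorts after its base release, treats the advisories' "through" as inclusive, and returns the entries on this page whose USG FLEX range contains the given version, with the CISA KEV entry separated out. The ranges are transcribed from the USG FLEX column of the twenty entries above only; the ATP, USG FLEX 50(W) and USG20(W)-VPN ranges differ and are not covered, and the function names and sample version strings are the example's own.

```python
"""Check a Zyxel USG FLEX firmware version against the affected ranges listed on this page.

Added example (not Zyxel tooling, not the listing's own code). Ranges are the USG FLEX
series column transcribed from the entries above; other product lines are not covered.
"""
import re
from dataclasses import dataclass

# Version strings as they appear on this page: "V5.38", "4.50", "5.37 Patch 1".
_VERSION_RE = re.compile(r"^\s*V?(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> tuple[int, int, int]:
    """Return (major, minor, patch). A bare release is patch 0, so
    '5.37 Patch 1' sorts after '5.37' and before '5.38'."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Zyxel firmware version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


@dataclass(frozen=True)
class Entry:
    cve: str
    first: str    # first affected version, inclusive
    last: str     # last affected version, inclusive ("through" in the advisories)
    kev: bool     # flagged CISA KEV on this page
    summary: str


# USG FLEX series ranges as listed in the entries above (page 1 of 3 only).
ENTRIES = [
    Entry("CVE-2025-11730", "V5.35", "V5.41", False, "post-auth command injection, DDNS CLI command"),
    Entry("CVE-2025-8078", "V4.50", "V5.40", False, "post-auth command injection"),
    Entry("CVE-2025-9133", "V4.50", "V5.40", False, "missing authorization, semi-authenticated"),
    Entry("CVE-2024-11667", "V5.00", "V5.38", True, "directory traversal, web management interface"),
    Entry("CVE-2024-42060", "V4.50", "V5.38", False, "post-auth command injection"),
    Entry("CVE-2024-42057", "V4.50", "V5.38", False, "unauthenticated command injection, IPSec VPN"),
    Entry("CVE-2024-42058", "V4.50", "V5.38", False, "null pointer dereference, unauthenticated DoS"),
    Entry("CVE-2024-42059", "V5.00", "V5.38", False, "post-auth command injection"),
    Entry("CVE-2024-7203", "V4.60", "V5.38", False, "post-auth command injection, crafted CLI command"),
    Entry("CVE-2024-42061", "V4.50", "V5.38", False, "reflected XSS, dynamic_script.cgi"),
    Entry("CVE-2024-6343", "V4.50", "V5.38", False, "buffer overflow in CGI program, authenticated admin"),
    Entry("CVE-2023-6398", "4.50", "5.37 Patch 1", False, "post-auth command injection, file upload binary"),
    Entry("CVE-2023-6764", "4.50", "5.37 Patch 1", False, "format string, IPSec VPN"),
    Entry("CVE-2023-6399", "4.50", "5.37 Patch 1", False, "format string"),
    Entry("CVE-2023-6397", "4.50", "5.37 Patch 1", False, "null pointer dereference via crafted RAR, LAN-side DoS"),
    Entry("CVE-2023-4398", "4.50", "5.37", False, "integer overflow, QuickSec IPSec toolkit"),
    Entry("CVE-2023-37925", "4.50", "5.37", False, "improper privilege management, debug CLI"),
    Entry("CVE-2023-35139", "5.00", "5.37", False, "XSS in CGI program"),
    Entry("CVE-2023-5960", "4.50", "5.37", False, "improper privilege management, hotspot feature"),
    Entry("CVE-2023-5797", "4.50", "5.37", False, "improper privilege management, debug CLI"),
]


def applicable(version: str) -> list[str]:
    """CVE IDs from this page whose USG FLEX range contains `version`, sorted by ID."""
    v = parse_version(version)
    return sorted(e.cve for e in ENTRIES if parse_version(e.first) <= v <= parse_version(e.last))


def kev_applicable(version: str) -> list[str]:
    """The subset of applicable() flagged CISA KEV on this page: patch these first."""
    hits = set(applicable(version))
    return sorted(e.cve for e in ENTRIES if e.kev and e.cve in hits)


if __name__ == "__main__":
    # Constructed sample inputs, not readings from a real device.
    for sample in ("5.37 Patch 1", "V5.38", "V5.39", "V5.42"):
        print(f"{sample}: {len(applicable(sample))} listed CVEs apply; KEV: {kev_applicable(sample)}")
```

Two caveats when using this against a real fleet. First, it only encodes what this page lists, and the listing runs to three pages, so an empty result for an old release means "nothing on page 1", not "clean". Second, it is a version-string comparison, nothing more: a device inside one of these ranges is not proven compromised, and a device outside them is not proven untouched; for the KEV entry in particular, a firmware upgrade closes the hole but does not tell you whether it was already used, so pair the check with a review of the web management interface's exposure and logs.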