Zyxel Wac500 Firmware vulnerabilities
9 known vulnerabilities affecting zyxel/wac500_firmware.
Total CVEs
9
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2024-12398HIGHCVSS 8.8fixed in 6.70\(abvs.6\)2025-01-14
CVE-2024-12398 [HIGH] CWE-269 CVE-2024-12398: An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 f
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a
nvd
CVE-2024-7261CRITICALCVSS 9.8fixed in 6.70\(abvs.5\)≤ 6.70(ABVS.4)2024-09-03
CVE-2024-7261 [CRITICAL] CWE-78 CVE-2024-7261: The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4)
and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1)
and earlier, and USG LITE 60AX firmware version V2.00(ACIP
cvelistv5nvd
CVE-2024-1575MEDIUMCVSS 6.5fixed in 6.70\(abvs.4\)2024-07-23
CVE-2024-1575 [MEDIUM] CWE-269 CVE-2024-1575: The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) a
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.
nvd
CVE-2023-6398HIGHCVSS 7.2fixed in 6.70\(abvs.1\)fixed in 6.70(ABVS.1)2024-02-20
CVE-2023-6398 [HIGH] CWE-78 CVE-2023-6398: A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1,
cvelistv5nvd
CVE-2023-37925MEDIUMCVSS 5.5fixed in 6.70\(abvs.0\)v6.65(ABVS.1)2023-11-28
CVE-2023-37925 [MEDIUM] CWE-269 CVE-2023-37925: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firm
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, N
cvelistv5nvd
CVE-2023-5797MEDIUMCVSS 5.5fixed in 6.70\(abvs.0\)v6.65(ABVS.1)2023-11-28
CVE-2023-5797 [MEDIUM] CWE-269 CVE-2023-5797: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firm
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA
cvelistv5nvd
CVE-2023-22918MEDIUMCVSS 6.5≤ 6.50\(abvs.0\)2023-04-24
CVE-2023-22918 [MEDIUM] CWE-359 CVE-2023-22918: A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firm
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmwa
cvelistv5nvd
CVE-2022-26531HIGHCVSS 7.8PoC≤ 6.30\(abvs.2\)2022-05-24
CVE-2022-26531 [MEDIUM] CWE-20 CVE-2022-26531: Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL se
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC25
cvelistv5nvd
CVE-2022-26532HIGHCVSS 7.8≤ 6.30\(abvs.2\)2022-05-24
CVE-2022-26532 [HIGH] CWE-88 CVE-2022-26532: A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firm
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware
cvelistv5nvd