Zyxel Zld vulnerabilities

21 known vulnerabilities affecting zyxel/zld.

Total CVEs: 21
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 9, MEDIUM 10

Vulnerabilities

Page 1 of 2
CVE-2025-9133 | HIGH | CVSS 8.1 | affected: ≥ 4.32, < 5.41; ≥ 4.50, < 5.41; +1 more | 2025-10-21
CVE-2025-9133 [HIGH] CWE-862: A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed
Source: nvd

CVE-2025-8078 | HIGH | CVSS 7.2 | affected: ≥ 4.32, < 5.41; ≥ 4.50, < 5.41; +1 more | 2025-10-21
CVE-2025-8078 [HIGH] CWE-78: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with ad
Source: nvd

CVE-2024-11667 | CRITICAL | CVSS 9.8 | KEV | affected: ≥ 5.00, ≤ 5.38; ≥ 5.10, ≤ 5.38 | 2024-11-27
CVE-2024-11667 [HIGH] CWE-22: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload fil
Source: nvd

CVE-2024-42058 | HIGH | CVSS 7.5 | affected: ≥ 4.32, < 5.39; ≥ 4.50, < 5.39; +1 more | 2024-09-03
CVE-2024-42058 [HIGH] CWE-476: A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS co
Source: nvd

CVE-2024-42057 | HIGH | CVSS 8.1 | affected: ≥ 4.32, < 5.39; ≥ 4.50, < 5.39; +1 more | 2024-09-03
CVE-2024-42057 [HIGH] CWE-78: A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacke
Source: nvd

CVE-2024-7203 | HIGH | CVSS 7.2 | affected: ≥ 4.60, < 5.39 | 2024-09-03
CVE-2024-7203 [HIGH] CWE-78: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.
Source: nvd

CVE-2024-42059 | HIGH | CVSS 7.2 | affected: ≥ 5.00, < 5.39 | 2024-09-03
CVE-2024-42059 [HIGH] CWE-78: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with
Source: nvd

CVE-2024-42060 | HIGH | CVSS 7.2 | affected: ≥ 4.32, < 5.39; ≥ 4.50, < 5.39; +1 more | 2024-09-03
CVE-2024-42060 [HIGH] CWE-78: A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with
Source: nvd

CVE-2024-6343 | MEDIUM | CVSS 4.9 | affected: ≥ 4.32, < 5.39; ≥ 4.50, < 5.39; +1 more | 2024-09-03
CVE-2024-6343 [MEDIUM] CWE-120: A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with adm
Source: nvd

CVE-2024-42061 | MEDIUM | CVSS 6.1 | affected: ≥ 4.32, < 5.39; ≥ 4.50, < 5.39; +1 more | 2024-09-03
CVE-2024-42061 [MEDIUM] CWE-79: A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 co
Source: nvd

CVE-2023-4398 | HIGH | CVSS 7.5 | affected: ≥ 4.32, ≤ 5.37; ≥ 4.50, ≤ 5.37; +2 more | 2023-11-28
CVE-2023-4398 [HIGH] CWE-190: An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series fir
Source: nvd

CVE-2023-35139 | MEDIUM | CVSS 6.1 | affected: ≥ 5.10, ≤ 5.37; ≥ 5.00, ≤ 5.37 | 2023-11-28
CVE-2023-35139 [MEDIUM] CWE-79: A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could al
Source: nvd

CVE-2023-5960 | MEDIUM | CVSS 5.5 | affected: ≥ 4.50, ≤ 5.37; ≥ 4.30, ≤ 5.37 | 2023-11-28
CVE-2023-5960 [MEDIUM] CWE-269: An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.
Source: nvd

CVE-2023-37925 | MEDIUM | CVSS 5.5 | affected: ≥ 4.32, ≤ 5.37; ≥ 4.50, ≤ 5.37; +2 more | 2023-11-28
CVE-2023-37925 [MEDIUM] CWE-269: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, N
Source: nvd

CVE-2023-35136 | MEDIUM | CVSS 5.5 | affected: ≥ 4.32, ≤ 5.37; ≥ 4.50, ≤ 5.37; +2 more | 2023-11-28
CVE-2023-35136 [MEDIUM] CWE-20: An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, coul
Source: nvd

CVE-2023-4397 | MEDIUM | CVSS 4.4 | affected: v5.37 | 2023-11-28
CVE-2023-4397 [MEDIUM] CWE-120: A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI comm
Source: nvd

CVE-2023-5650 | MEDIUM | CVSS 5.5 | affected: ≥ 4.32, ≤ 5.37; ≥ 4.50, ≤ 5.37; +2 more | 2023-11-28
CVE-2023-5650 [MEDIUM] CWE-269: An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow
Source: nvd

CVE-2023-37926 | MEDIUM | CVSS 5.5 | affected: ≥ 4.32, ≤ 5.37; ≥ 4.50, ≤ 5.37; +2 more | 2023-11-28
CVE-2023-37926 [MEDIUM] CWE-120: A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local at
Source: nvd

CVE-2023-5797 | MEDIUM | CVSS 5.5 | affected: ≥ 4.32, ≤ 5.37; ≥ 4.50, ≤ 5.37; +2 more | 2023-11-28
CVE-2023-5797 [MEDIUM] CWE-269: An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA
Source: nvd

CVE-2020-29299 | HIGH | CVSS 7.2 | fixed in 4.39; fixed in 4.55 | 2020-12-27
CVE-2020-29299 [HIGH] CWE-77: Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.
Source: nvd