Zyxel Zywall Vpn300 Firmware vulnerabilities
9 known vulnerabilities affecting zyxel/zywall_vpn300_firmware.
Total CVEs
9
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH6MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-34138HIGHCVSS 8.0≥ 4.60, < 5.372023-07-17
CVE-2023-34138 [HIGH] CWE-78 CVE-2023-34138: A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware
A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware
nvd
CVE-2023-33011HIGHCVSS 8.8≥ 5.00, < 5.372023-07-17
CVE-2023-33011 [HIGH] CWE-134 CVE-2023-33011: A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, U
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, c
nvd
CVE-2023-34139HIGHCVSS 8.8≥ 4.20, < 5.372023-07-17
CVE-2023-34139 [HIGH] CWE-78 CVE-2023-34139: A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series
A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.
nvd
CVE-2023-34141HIGHCVSS 8.0≥ 5.00, < 5.372023-07-17
CVE-2023-34141 [HIGH] CWE-78 CVE-2023-34141: A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP serie
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series fir
nvd
CVE-2023-33012HIGHCVSS 8.8≥ 5.00, < 5.372023-07-17
CVE-2023-33012 [HIGH] CWE-78 CVE-2023-33012: A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versi
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versio
nvd
CVE-2023-28767HIGHCVSS 8.8≥ 5.00, < 5.372023-07-17
CVE-2023-28767 [HIGH] CWE-78 CVE-2023-28767: The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware ve
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36,
USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An una
nvd
CVE-2023-34140MEDIUMCVSS 6.5≥ 4.30, < 5.372023-07-17
CVE-2023-34140 [MEDIUM] CWE-120 CVE-2023-34140: A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2,
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, N
nvd
CVE-2021-35029CRITICALCVSS 9.8≥ 4.35, ≤ 5.012021-07-02
CVE-2021-35029 [CRITICAL] CWE-287 CVE-2021-35029: An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall se
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
nvd
CVE-2019-12583CRITICALCVSS 9.1PoC≤ 10.02\(abfc.0\)c02019-06-27
CVE-2019-12583 [CRITICAL] CWE-425 CVE-2019-12583: Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices al
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
nvd