Zyxel Zyxel

  1. Vendors
  2. Zyxel
Do you want an email whenever new security vulnerabilities are reported in any Zyxel product?

Products by Zyxel Sorted by Most Security Vulnerabilities since 2018

Zyxel Cloudcnm Secumanager23 vulnerabilities

Zyxel Amg1202 T10b1 vulnerability

Zyxel P 335wt Router1 vulnerability

Zyxel P 660hw D11 vulnerability

Zyxel Secuextender Ssl Vpn1 vulnerability

Zyxel Vmg8324 B10a1 vulnerability

Zyxel Ap Configurator1 vulnerability

Known Exploited Zyxel Vulnerabilities

The following Zyxel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Zyxel EMG2926 Routers Command Injection Vulnerability Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. CVE-2017-6884 September 18, 2023
Zyxel P660HN-T1A Routers Command Injection Vulnerability Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page. CVE-2017-18368 August 7, 2023
Zyxel Multiple NAS Devices Command Injection Vulnerability Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request. CVE-2023-27992 June 23, 2023
Zyxel Multiple Firewalls Buffer Overflow Vulnerability Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. CVE-2023-33009 June 5, 2023
Zyxel Multiple Firewalls Buffer Overflow Vulnerability Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. CVE-2023-33010 June 5, 2023
Zyxel Multiple Firewalls OS Command Injection Vulnerability Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device. CVE-2023-28771 May 31, 2023
Zyxel Multiple Firewalls OS Command Injection Vulnerability A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. CVE-2022-30525 May 16, 2022
Zyxel Multiple NAS Devices OS Command Injection Vulnerability Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. CVE-2020-9054 March 25, 2022
ZyXEL Unified Security Gateway Undocumented Administrator Account with Default Credentials Firmware version 4.60 of ZyXEL USG devices contains an undocumented account (zyfwp) with an unchangeable password. CVE-2020-29583 November 3, 2021

By the Year

In 2024 there have been 0 vulnerabilities in Zyxel . Last year Zyxel had 1 security vulnerability published. Right now, Zyxel is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 0.00
2022 22 6.36
2021 0 0.00
2020 3 7.50
2019 0 0.00
2018 0 0.00

It may take a day or so for new Zyxel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Zyxel Security Vulnerabilities

The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could

CVE-2023-5593 - November 20, 2023

The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message.

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.

CVE-2020-15327 7.5 - High - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.

Use of Hard-coded Credentials

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.

CVE-2020-15328 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.

Incorrect Permission Assignment for Critical Resource

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.

CVE-2020-15329 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.

Incorrect Permission Assignment for Critical Resource

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.

CVE-2020-15330 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.

Missing Encryption of Sensitive Data

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.

CVE-2020-15331 9.8 - Critical - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.

Missing Encryption of Sensitive Data

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.

CVE-2020-15332 9.8 - Critical - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.

Cleartext Storage of Sensitive Information

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1

CVE-2020-15333 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.

SQL Injection

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1

CVE-2020-15334 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.

CVE-2020-15337 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.

AuthZ

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.

CVE-2020-15338 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.

AuthZ

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1

CVE-2020-15339 6.1 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.

XSS

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.

CVE-2020-15340 7.5 - High - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.

Missing Encryption of Sensitive Data

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.

CVE-2020-15341 7.5 - High - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.

Insufficiently Protected Credentials

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.

CVE-2020-15342 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.

Missing Encryption of Sensitive Data

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.

CVE-2020-15343 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.

Missing Encryption of Sensitive Data

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.

CVE-2020-15344 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.

Missing Encryption of Sensitive Data

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.

CVE-2020-15345 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.

Missing Encryption of Sensitive Data

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.

CVE-2020-15346 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.

Missing Encryption of Sensitive Data

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.

CVE-2020-15347 9.8 - Critical - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.

Insufficiently Protected Credentials

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.

CVE-2020-15326 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.

Use of Hard-coded Credentials

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.

CVE-2020-15325 5.3 - Medium - September 29, 2022

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.

Cleartext Storage of Sensitive Information

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could

CVE-2022-0556 7.8 - High - April 11, 2022

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.

Incorrect Permission Assignment for Critical Resource

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.

CVE-2020-15335 7.5 - High - June 26, 2020

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.

Missing Authentication for Critical Function

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.

CVE-2020-15336 7.5 - High - June 26, 2020

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.

Missing Authentication for Critical Function

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL

CVE-2020-12695 7.5 - High - June 08, 2020

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Incorrect Default Permissions

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header

CVE-2013-6786 - January 16, 2014

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.

XSS

ZyXEL P-335WT router

CVE-2006-2562 - May 24, 2006

ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

Permissions, Privileges, and Access Controls

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.