Lucene search

ZyWALL VPN2S Firmware Security Vulnerabilities

cve

CVE-2023-34138

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware...

8CVSS

8.1AI Score

0.0005EPSS

2023-07-17 06:15 PM

cve

CVE-2023-34140

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN.....

6.5CVSS

6.5AI Score

0.0004EPSS

2023-07-17 06:15 PM

cve

CVE-2023-33012

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions...

8.8CVSS

8.9AI Score

0.0005EPSS

2023-07-17 06:15 PM

cve

CVE-2023-34139

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected....

8.8CVSS

9AI Score

0.0005EPSS

2023-07-17 06:15 PM

cve

CVE-2023-34141

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series...

8CVSS

8.1AI Score

0.0005EPSS

2023-07-17 06:15 PM

cve

CVE-2023-33011

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and...

8.8CVSS

8.6AI Score

0.001EPSS

2023-07-17 06:15 PM

cve

CVE-2023-28767

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36,...

8.8CVSS

8.6AI Score

0.001EPSS

2023-07-17 05:15 PM

cve

CVE-2021-35028

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS...

7.8CVSS

7.8AI Score

0.0004EPSS

2021-09-29 11:15 AM

cve

CVE-2021-35027

A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive...

7.5CVSS

7.6AI Score

0.004EPSS

2021-09-29 11:15 AM