cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11667,https://securityvulnerability.io/vulnerability/CVE-2024-11667,Directory Traversal Vulnerability in Zyxel ATP and USG FLEX Products,"CVE-2024-11667 is a directory traversal vulnerability identified in the web management interface of several Zyxel firmware versions. This flaw exists in Zyxel's ATP Series, USG FLEX Series, and USG20(W)-VPN Series firmware versions, which could potentially enable an unauthorized attacker to exploit crafted URLs to upload or download arbitrary files. Effective security measures and updated firmware are essential to protect against potential attacks leveraging this vulnerability. Organizations using these products should consult Zyxel's advisory for remediation steps.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware",9.8,CRITICAL,0.18846000730991364,true,2024-12-03T00:00:00.000Z,true,true,true,2024-11-29T09:18:41.000Z,,false,false,,2024-11-27T09:39:41.691Z,0
CVE-2024-42061,https://securityvulnerability.io/vulnerability/CVE-2024-42061,"Reflected Cross-Site Scripting Vulnerability in Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series Firmware","A reflected cross-site scripting (XSS) vulnerability in the CGI program ""dynamic_script.cgi"" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-03T01:59:36.884Z,0
CVE-2024-42060,https://securityvulnerability.io/vulnerability/CVE-2024-42060,Post-Authentication Command Injection Vulnerability Affects Zyxel ATP Series devices,"The vulnerability in Zyxel products is a post-authentication command injection flaw that permits an authenticated user with administrative privileges to execute arbitrary operating system commands. This exploit arises when a crafted internal user agreement file is uploaded to affected devices, specifically those running vulnerable firmware versions across various Zyxel firewall product lines. Organizations using Zyxel ATP series, USG FLEX series, and USG20 VPN series should evaluate their systems for these vulnerabilities to prevent potential exploitation.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-03T01:54:57.221Z,0
CVE-2024-42059,https://securityvulnerability.io/vulnerability/CVE-2024-42059,Post-Authentication Command Injection Vulnerability,"A post-authentication command injection vulnerability exists in the firmware of multiple Zyxel products, specifically within the ATP series, USG FLEX series, and USG20(W)-VPN series. This vulnerability permits an authenticated attacker possessing administrator privileges to execute arbitrary operating system commands on affected devices. The exploitation vector involves uploading a specially crafted compressed language file via FTP. The following firmware versions are affected: ATP series from V5.00 to V5.38, USG FLEX series from V5.00 to V5.38, USG FLEX 50(W) series from V5.00 to V5.38, and USG20(W)-VPN series from V5.00 to V5.38. For further details and mitigations, it is advisable to refer to Zyxel's official security advisory.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware",7.2,HIGH,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-03T01:51:20.796Z,0
CVE-2024-42058,https://securityvulnerability.io/vulnerability/CVE-2024-42058,Attackers Can Cause DoS Conditions with Targeted Packets Against Zyxel Devices,"A null pointer dereference vulnerability exists in the firmware of various Zyxel firewall products, including the ATP series and the USG FLEX series. This flaw allows unauthenticated attackers to send specially crafted packets to the affected devices, potentially leading to denial-of-service (DoS) conditions. Devices running the specified firmware versions are susceptible to disruptions, underlining the importance of prompt updates and patches to mitigate the risks associated with this vulnerability.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware",7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-03T01:47:29.258Z,0
CVE-2024-42057,https://securityvulnerability.io/vulnerability/CVE-2024-42057,"Unauthenticated Command Injection Vulnerability in Zyxel ATP Series, USG FLEX Series, and USG20(W)-VPN Series Firmware","A command injection vulnerability exists in the IPSec VPN feature of multiple Zyxel firewall products, including ATP and USG FLEX series. This vulnerability could permit an unauthenticated attacker to execute operating system commands on the targeted device. Exploitation requires the device to be configured in User-Based-PSK authentication mode and for there to be a valid user with a username longer than 28 characters. This potential risk highlights the need for users to monitor their configurations and implement necessary security measures.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware",8.1,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-09-03T01:43:28.106Z,0
CVE-2024-6343,https://securityvulnerability.io/vulnerability/CVE-2024-6343,Zyxel ATP Series Buffer Overflow Vulnerability Could Lead to DoS Conditions,"A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware",4.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-09-03T01:28:27.056Z,0
CVE-2023-6764,https://securityvulnerability.io/vulnerability/CVE-2023-6764,Unauthorized Remote Code Execution Vulnerability in Zyxel ATP Series Firmware,"A format string vulnerability exists in the IPSec VPN feature of Zyxel's firmware, specifically impacting several models within the ATP and USG FLEX series. This vulnerability may allow an attacker to execute unauthorized remote code by utilizing a sequence of specially crafted payloads that exploit an invalid pointer. Successfully carrying out an attack necessitates a comprehensive understanding of the targeted device's memory layout and configuration, potentially making exploitation challenging.",Zyxel,"ATP series firmware,USG FLEX series firmware,USG FLEX 50(W) series firmware,USG20(W)-VPN series firmware",8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-20T02:14:09.814Z,0
CVE-2023-6399,https://securityvulnerability.io/vulnerability/CVE-2023-6399,Zyxel ATP Series Vulnerable to Format String Attack,"A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Usg Flex H Series Firmware",6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-02-20T01:42:21.027Z,0
CVE-2023-6398,https://securityvulnerability.io/vulnerability/CVE-2023-6398,"Post-Authentication Command Injection Vulnerability Affects Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, USG20(W)-VPN Series, NWA50AX, WAC500, WAX300H, and WBE660S Firmware","A post-authentication command injection vulnerability exists in multiple Zyxel devices, specifically within the file upload binary. This issue affects various firmware versions across multiple series, including Zyxel ATP, USG FLEX, and WAC series. When an attacker with administrator privileges accesses an affected device via FTP, they may execute arbitrary operating system commands, potentially compromising the integrity and functionality of the device. This vulnerability underscores the importance of keeping firewall and network equipment firmware updated to safeguard against potential attacks.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Nwa50ax Firmware,Wac500 Firmware,Wax300h Firmware,Wbe660s Firmware,Usg Flex H Series Firmware",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-20T01:34:32.229Z,0
CVE-2023-5797,https://securityvulnerability.io/vulnerability/CVE-2023-5797,"Improper Privilege Management in Zyxel ATP, USG FLEX, and NWA Series Firmware","An improper privilege management vulnerability exists in the debug CLI command of various Zyxel firmware products, allowing an authenticated local attacker to exploit this weakness. By leveraging this vulnerability, the attacker could potentially access sensitive administrator logs, thereby compromising the confidentiality and integrity of device management logs across several series, including ATP, USG FLEX, and various Access Points. It's crucial for users to apply the necessary patches and updates to secure their devices against possible exploitation.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware,Nwa50ax Firmware,Wac500 Firmware,Wax300h Firmware,Wbe660s Firmware",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-28T03:15:00.000Z,0
CVE-2023-4398,https://securityvulnerability.io/vulnerability/CVE-2023-4398,Integer Overflow Vulnerability in Zyxel ATP and USG FLEX Series Firmware,"An integer overflow vulnerability exists in the QuickSec IPSec toolkit that could allow an unauthenticated attacker to exploit the VPN functionality in impacted Zyxel devices. By sending a specially crafted IKE packet, the attacker may initiate a denial-of-service (DoS) condition, causing affected devices to become unresponsive. This vulnerability affects multiple firmware versions of Zyxel's ATP and USG FLEX series, posing significant security risks if not addressed.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware",7.5,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2023-11-28T02:15:00.000Z,0
CVE-2023-4397,https://securityvulnerability.io/vulnerability/CVE-2023-4397,Buffer Overflow Vulnerability in Zyxel ATP and USG FLEX Series Firmware,"A buffer overflow vulnerability exists in the Zyxel ATP series and USG FLEX series firmware version 5.37. This flaw enables an authenticated local attacker with administrative privileges to exploit the vulnerability by executing specific Command Line Interface (CLI) commands containing crafted strings. The successful exploitation may lead to denial-of-service (DoS) conditions on the affected device, compromising the integrity and availability of the network services.",Zyxel,"ATP series firmware,USG FLEX series firmware, USG FLEX 50(W) series firmware,USG20(W)-VPN series firmware",4.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-11-28T02:15:00.000Z,0
CVE-2023-5650,https://securityvulnerability.io/vulnerability/CVE-2023-5650,Improper Privilege Management Vulnerability in Zyxel ATP and USG FLEX Series Firmware,"An improper privilege management flaw in the ZySH component of several Zyxel firewall firmware versions could enable an authenticated local attacker to tamper with the registration page URL in the web GUI of affected devices. This vulnerability compromises the integrity of the device settings, potentially leading to further attacks or unauthorized access.",Zyxel,"ATP series firmware,USG FLEX series firmware,USG FLEX 50(W) series firmware, USG20(W)-VPN series firmware,VPN series firmware",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-28T02:15:00.000Z,0
CVE-2023-35139,https://securityvulnerability.io/vulnerability/CVE-2023-35139,Cross-Site Scripting Vulnerability in Zyxel ATP and USG FLEX Firmware,"A cross-site scripting vulnerability exists in the CGI program of Zyxel's ATP series and USG FLEX series firmware. This flaw affects multiple firmware versions, allowing unauthenticated LAN-based attackers to store malicious scripts on vulnerable devices. If exploited, these scripts may execute and lead to the theft of cookies when users access specific CGIs used for ZTP log dumping. This vulnerability poses a significant risk to affected products by enabling attackers to manipulate sessions and extract sensitive information.",Zyxel,"ATP series firmware,USG FLEX series firmware, USG FLEX 50(W) series firmware,USG20(W)-VPN series firmware,VPN series firmware",6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-11-28T02:15:00.000Z,0
CVE-2023-37925,https://securityvulnerability.io/vulnerability/CVE-2023-37925,Improper Privilege Management in Zyxel ATP and USG FLEX Products,"The vulnerability presents an improper privilege management issue within the debug CLI command of specific Zyxel firmware versions. This flaw could potentially allow authenticated local attackers to access sensitive system files on the affected devices, exposing critical data and control mechanisms.",Zyxel,"ATP series firmware,USG FLEX series firmware,USG FLEX 50(W) series firmware,USG20(W)-VPN series firmware,VPN series firmware,NWA50AX firmware,WAC500 firmware,WAX300H firmware,WBE660S firmware",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-28T02:15:00.000Z,0
CVE-2023-37926,https://securityvulnerability.io/vulnerability/CVE-2023-37926,Buffer Overflow Vulnerability in Zyxel ATP and USG FLEX Series Firmware,"A critical buffer overflow vulnerability in specific firmware versions of Zyxel's ATP and USG FLEX series could potentially allow local authenticated attackers to trigger denial-of-service (DoS) conditions. By executing a tailored CLI command designed to dump system logs, attackers could exploit this flaw, impacting the normal operation of affected devices. Users are advised to review their firmware versions and update to secure their systems against potential exploitation.",Zyxel,"ATP series firmware,USG FLEX series firmware,USG FLEX 50(W) series firmware,USG20(W)-VPN series firmware,VPN series firmware",5.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-11-28T02:15:00.000Z,0
CVE-2023-35136,https://securityvulnerability.io/vulnerability/CVE-2023-35136,Improper Input Validation in Zyxel ATP and USG FLEX Series Firmware,"The Zyxel ATP and USG FLEX series firmware contain an improper input validation vulnerability within the Quagga package. This flaw permits an authenticated local attacker to potentially access sensitive configuration files on the device, which could lead to further unauthorized actions and compromise the device's integrity.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-28T02:15:00.000Z,0
CVE-2023-34141,https://securityvulnerability.io/vulnerability/CVE-2023-34141,Command Injection Vulnerability in Zyxel ATP and USG FLEX Series Firmware,"A command injection vulnerability exists in the access point management functionality of Zyxel's firmware, affecting several product lines. An attacker on the local network can exploit this flaw to execute arbitrary OS commands on targeted devices by manipulating the managed AP list, contingent upon convincing an authorized administrator to add their IP address. This highlights the importance of stringent access controls and vigilance in network management practices to safeguard against potential exploits.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware,Nxc2500 Firmware,Nxc5500 Firmware",8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-07-17T18:15:00.000Z,0
CVE-2023-34138,https://securityvulnerability.io/vulnerability/CVE-2023-34138,Command Injection Flaw in Zyxel ATP & USG FLEX Firmware,"A command injection vulnerability exists in the hotspot management feature of Zyxel ATP and USG FLEX series firmware versions 4.60 to 5.36 Patch 2. This flaw allows unauthenticated, LAN-based attackers to execute arbitrary operating system commands on compromised devices. The attack is initiated if the attacker successfully persuades an authorized administrator to add their IP address to the trusted RADIUS clients list. Mitigation steps are essential to prevent exploitation of this security weakness.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware",8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-07-17T18:15:00.000Z,0
CVE-2023-33012,https://securityvulnerability.io/vulnerability/CVE-2023-33012,Unauthenticated Command Injection Vulnerability in Zyxel ATP Series Firmware,"A command injection vulnerability exists within the configuration parser of the Zyxel ATP series and USG FLEX series firmware. This flaw may enable an unauthenticated attacker on the local network to execute arbitrary operating system commands by delivering a specially crafted Generic Routing Encapsulation (GRE) configuration, particularly when the cloud management mode is active. This vulnerability highlights the importance of proper input sanitization within network device firmware to prevent unauthorized access and potential exploitation.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware",8.8,HIGH,0.24244000017642975,false,,false,false,false,,,false,false,,2023-07-17T18:15:00.000Z,0
CVE-2023-33011,https://securityvulnerability.io/vulnerability/CVE-2023-33011,Format String Vulnerability in Zyxel ATP and USG FLEX Series Firmware,"This vulnerability exists in the Zyxel ATP and USG FLEX series firmware, allowing an unauthenticated attacker within the local network to execute arbitrary operating system commands. By leveraging a specially crafted PPPoE configuration while the cloud management mode is active, attackers can exploit this flaw on the specified firmware versions, potentially compromising device integrity and network security.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware",8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-07-17T18:15:00.000Z,0
CVE-2023-34140,https://securityvulnerability.io/vulnerability/CVE-2023-34140,Buffer Overflow Vulnerability in Zyxel ATP and USG FLEX Series Firmware,"A buffer overflow risk exists in multiple Zyxel firmware versions, enabling a possible denial of service (DoS) through the CAPWAP daemon. This vulnerability allows an unauthenticated attacker on the local area network (LAN) to manipulate crafted requests, potentially leading to service disruptions. Users are urged to update their firmware to mitigate these risks.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware,Nxc2500 Firmware,Nxc5500 Firmware",6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-07-17T18:15:00.000Z,0
CVE-2023-28767,https://securityvulnerability.io/vulnerability/CVE-2023-28767,Input Validation Flaw in Zyxel Firewall Firmware,"A vulnerability exists in the configuration parser of Zyxel's firewall firmware that fails to adequately sanitize user-controlled input. This issue affects multiple firmware versions across the Zyxel ATP and USG FLEX series. An unauthenticated attacker on the local network could exploit this weakness when cloud management mode is enabled, allowing for the injection of operating system commands into the device’s configuration data, potentially compromising device integrity and security.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-07-17T17:15:00.000Z,0
CVE-2023-33009,https://securityvulnerability.io/vulnerability/CVE-2023-33009,Buffer Overflow Vulnerability in Zyxel ATP and USG FLEX Series Firmware,"A buffer overflow vulnerability exists in the notification function of Zyxel's ATP and USG FLEX series firmware, allowing unauthenticated attackers to exploit this weakness. Successful exploitation may lead to denial-of-service conditions or remote code execution on affected devices, jeopardizing network security and integrity. This vulnerability impacts multiple firmware versions and demands immediate attention for mitigating potential threats.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Firmware,Usg20(w)-vpn Firmware,Vpn Series Firmware,Zywall/usg Series Firmware",9.8,CRITICAL,0.008580000139772892,true,2023-06-05T00:00:00.000Z,false,false,true,2023-06-05T00:00:00.000Z,,false,false,,2023-05-24T00:00:00.000Z,0