cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7261,https://securityvulnerability.io/vulnerability/CVE-2024-7261,"Unauthenticated OS Command Execution Vulnerability in Zyxel NWA1123ACv3, WAC500, WAX655E, WBE530, and USG LITE 60AX Firmware","An OS command injection vulnerability exists in the CGI program of several Zyxel network devices due to improper neutralization of special elements in the 'host' parameter. This flaw can allow unauthenticated attackers to execute arbitrary OS commands on vulnerable devices by sending specially crafted cookies. The affected products include various firmware versions of the NWA1123ACv3, WAC500, WAX655E, WBE530, and USG LITE 60AX, which can expose organizations to significant security risks.",Zyxel,"Nwa1123acv3 Firmware,Wac500 Firmware,Wax655e Firmware,Wbe530 Firmware,Usg Lite 60ax Firmware",9.8,CRITICAL,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-09-03T02:10:25.112Z,0
CVE-2023-6398,https://securityvulnerability.io/vulnerability/CVE-2023-6398,"Post-Authentication Command Injection Vulnerability Affects Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, USG20(W)-VPN Series, NWA50AX, WAC500, WAX300H, and WBE660S Firmware","A post-authentication command injection vulnerability exists in multiple Zyxel devices, specifically within the file upload binary. This issue affects various firmware versions across multiple series, including Zyxel ATP, USG FLEX, and WAC series. When an attacker with administrator privileges accesses an affected device via FTP, they may execute arbitrary operating system commands, potentially compromising the integrity and functionality of the device. This vulnerability underscores the importance of keeping firewall and network equipment firmware updated to safeguard against potential attacks.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Nwa50ax Firmware,Wac500 Firmware,Wax300h Firmware,Wbe660s Firmware,Usg Flex H Series Firmware",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-20T01:34:32.229Z,0
CVE-2023-5797,https://securityvulnerability.io/vulnerability/CVE-2023-5797,"Improper Privilege Management in Zyxel ATP, USG FLEX, and NWA Series Firmware","An improper privilege management vulnerability exists in the debug CLI command of various Zyxel firmware products, allowing an authenticated local attacker to exploit this weakness. By leveraging this vulnerability, the attacker could potentially access sensitive administrator logs, thereby compromising the confidentiality and integrity of device management logs across several series, including ATP, USG FLEX, and various Access Points. It's crucial for users to apply the necessary patches and updates to secure their devices against possible exploitation.",Zyxel,"Atp Series Firmware,Usg Flex Series Firmware,Usg Flex 50(w) Series Firmware,Usg20(w)-vpn Series Firmware,Vpn Series Firmware,Nwa50ax Firmware,Wac500 Firmware,Wax300h Firmware,Wbe660s Firmware",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-28T03:15:00.000Z,0
CVE-2023-37925,https://securityvulnerability.io/vulnerability/CVE-2023-37925,Improper Privilege Management in Zyxel ATP and USG FLEX Products,"The vulnerability presents an improper privilege management issue within the debug CLI command of specific Zyxel firmware versions. This flaw could potentially allow authenticated local attackers to access sensitive system files on the affected devices, exposing critical data and control mechanisms.",Zyxel,"ATP series firmware,USG FLEX series firmware,USG FLEX 50(W) series firmware,USG20(W)-VPN series firmware,VPN series firmware,NWA50AX firmware,WAC500 firmware,WAX300H firmware,WBE660S firmware",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-28T02:15:00.000Z,0
CVE-2023-22918,https://securityvulnerability.io/vulnerability/CVE-2023-22918,Information Exposure Vulnerability in Zyxel ATP and USG FLEX Series Firmware,"An information exposure vulnerability exists in the CGI program of Zyxel's ATP and USG FLEX series firmware, affecting several versions. This flaw enables remote authenticated attackers to potentially access sensitive, encrypted administrative information from affected devices. The vulnerability affects multiple products including several versions of the Zyxel ATP, USG FLEX, and VPN series firmware, as well as selected access points, putting administrative data at risk.",Zyxel,"ATP series firmware,USG FLEX series firmware,USG FLEX 50(W) firmware,USG20(W)-VPN firmware,VPN series firmware,NWA110AX firmware,WAC500 firmware,WAX510D firmware",6.5,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-04-24T00:00:00.000Z,0
CVE-2022-26532,https://securityvulnerability.io/vulnerability/CVE-2022-26532,Argument Injection Vulnerability in Zyxel USG/ZyWALL Series Firmware,"A vulnerability exists within the 'packet-trace' CLI command in various Zyxel firmware versions, allowing a local authenticated attacker to inject crafted arguments that could potentially execute arbitrary operating system commands. This poses a significant security risk for network environments relying on affected Zyxel products, highlighting the need for timely updates and strong access controls.",Zyxel,"Usg/zywall Series Firmware,Usg Flex Series Firmware,Atp Series Firmware,Vpn Series Firmware,Nsg Series Firmware,Nxc2500 Firmware,Nap203 Firmware,Nwa50ax Firmware,Wac500 Firmware,Wax510d Firmware",7.8,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2022-05-24T05:20:09.000Z,0
CVE-2022-26531,https://securityvulnerability.io/vulnerability/CVE-2022-26531,Improper Input Validation Vulnerabilities in Zyxel Firewall Products,"Multiple improper input validation flaws in Zyxel's CLI commands for various firewall and network security products could allow authenticated local attackers to execute malicious payloads. Exploitation may lead to severe consequences such as buffer overflow, potentially resulting in a system crash, which compromises the integrity and availability of the affected systems. The vulnerability spans across several firmware versions, necessitating immediate attention from users and administrators to mitigate risks.",Zyxel,"Usg/zywall Series Firmware,Usg Flex Series Firmware,Atp Series Firmware,Vpn Series Firmware,Nsg Series Firmware,Nxc2500 Firmware,Nap203 Firmware,Nwa50ax Firmware,Wac500 Firmware,Wax510d Firmware",6.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-05-24T05:05:12.000Z,0