zyxel

334 tracked vulnerabilities.

CVE-2025-3577 MEDIUM
Zyxel AMG1302-T10B Firmware 2.00(AAJC.16)C0 - Authenticated Path Traversal
Apr 22, 2025
CVSS 4.9
EPSS 0.10
CVE-2025-1732 MEDIUM
Zyxel USG FLEX H uOS <= V1.31 - Authenticated Privilege Escalation via Crafted Configuration File Upload
Apr 22, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-1731 HIGH
Zyxel uOS 1.20-1.31 - Authenticated Privilege Escalation via PostgreSQL Command Injection
Apr 22, 2025
CVSS 7.8
EPSS 0.01
CVE-2025-0890 CRITICAL
Zyxel Legacy DSL CPE Firmware - Insecure Default Telnet Credentials
Feb 04, 2025
CVSS 9.8
EPSS 0.13
CVE-2024-12010 HIGH
Zyxel DSL/ETHERNET CPE/FIBER ONT/WiFi Extender Firmware - Authenticated OS Command Injection via zyUtilMailSend
Mar 11, 2025
CVSS 7.2
EPSS 0.01
CVE-2024-12009 HIGH
Zyxel DSL/ETH/ONT/Extender Firmware - Authenticated OS Command Injection via ZyEE Function
Mar 11, 2025
CVSS 7.2
EPSS 0.01
CVE-2024-11253 HIGH
Zyxel DSL/ONT/Extender Firmware < 5.50(ABOM.8.5)C0 - Authenticated OS Command Injection via DNSServer Parameter
Mar 11, 2025
CVSS 7.2
EPSS 0.01
CVE-2024-40891 HIGH KEV
Zyxel VMG4325-B10A - Command Injection
Feb 04, 2025
CVSS 8.8
EPSS 0.20
CVE-2024-40890 HIGH KEV
Zyxel VMG4325-B10A - Command Injection
Feb 04, 2025
CVSS 8.8
EPSS 0.20
CVE-2024-12398 HIGH
Zyxel NWA/WA/WAX Firmware Authenticated Privilege Escalation via Config Upload
Jan 14, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-9200 HIGH
Zyxel VMG4005-B50A Firmware < 5.15(ABQA.2.2)C0 - Authenticated OS Command Injection via Diagnostic Host Parameter
Dec 03, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-9197 MEDIUM
Zyxel DX/EX Series Firmware Authenticated DoS via Buffer Overflow
Dec 03, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-8748 HIGH
Zyxel VMG8825-T50K - Buffer Overflow
Dec 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-11667 HIGH KEV
Zyxel ATP-USG FLEX-50(W) - Path Traversal
Nov 27, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-11494 HIGH
Zyxel P-6101C <P-6101CSA6AP_20140331 - Info Disclosure
Nov 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-8882 MEDIUM
Zyxel GS1900 Series Firmware < 2.90 - Authenticated Denial of Service via Crafted URL
Nov 12, 2024
CVSS 4.5
EPSS 0.00
CVE-2024-8881 MEDIUM
Zyxel GS1900 Series Firmware < 2.90 - Authenticated OS Command Injection via CGI Program
Nov 12, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-9677 MEDIUM
Zyxel uOS < 1.30 - Authenticated Privilege Escalation via CLI Token Theft
Oct 22, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-38269 MEDIUM
Zyxel VMG8825-T50K <5.50(ABOM.8)C0 - Memory Corruption
Sep 24, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-38268 MEDIUM
Zyxel VMG8825-T50K <5.50(ABOM.8)C0 - Memory Corruption
Sep 24, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-38267 MEDIUM
Zyxel VMG8825-T50K <5.50(ABOM.8)C0 - Memory Corruption
Sep 24, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-38266 MEDIUM
Zyxel VMG8825-T50K <5.50(ABOM.8)C0 - Memory Corruption
Sep 24, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-6342 CRITICAL
Zyxel NAS326 and NAS542 Firmware - Unauthenticated OS Command Injection via Export-CGI
Sep 10, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-38270 MEDIUM
Zyxel GS1900-10HP <V2.80(AAZI.0)C0 - Info Disclosure
Sep 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-7261 CRITICAL
Zyxel NWA/WAC/WAX/WBE/USG LITE Firmware - Unauthenticated OS Command Injection via Host Parameter
Sep 03, 2024
CVSS 9.8
EPSS 0.11