CVSS: 7.8EPSS: 5%CPEs: 145EXPL: 1CVE-2022-26532 – Zyxel Buffer Overflow / Format String / Command Injection
https://notcve.org/view.php?id=CVE-2022-26532
24 May 2022 — A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versi... • https://packetstorm.news/files/id/167464 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 1%CPEs: 145EXPL: 2CVE-2022-26531 – Zyxel zysh Format String Proof of Concept
https://notcve.org/view.php?id=CVE-2022-26531
24 May 2022 — Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earl... • https://packetstorm.news/files/id/177036 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 91%CPEs: 48EXPL: 0CVE-2022-0342
https://notcve.org/view.php?id=CVE-2022-0342
28 Mar 2022 — An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. Una vulnerabilidad de omisión de autenticación en el programa CGI de... • https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml • CWE-287: Improper Authentication •