CVE-2022-43393
https://notcve.org/view.php?id=CVE-2022-43393
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0 could allow an unauthenticated attacker to corrupt the contents of memory, resulting in a denial-of-service (DoS) condition on a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-switches • CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2022-43389
https://notcve.org/view.php?id=CVE-2022-43389
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0 could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-38546
https://notcve.org/view.php?id=CVE-2022-38546
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dns-misconfiguration-in-nbg7510-home-router • CWE-284: Improper Access Control
CVE-2022-40603
https://notcve.org/view.php?id=CVE-2022-40603
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could then gain access to some browser-based information if the malicious script is executed on the victim’s browser. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-in-firewalls • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-40602
https://notcve.org/view.php?id=CVE-2022-40602
A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-configured-password-vulnerability-of-lte3301-m209 • CWE-287: Improper Authentication • CWE-798: Use of Hard-coded Credentials