CVSS: 9.8EPSS: 0%CPEs: 74EXPL: 0CVE-2021-35029
https://notcve.org/view.php?id=CVE-2021-35029
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. Una vulnerabilidad de omisión de la autenticación en la interfaz de administración basada en web de Zyxel USG/Zywall series versiones de firmware 4.35 hasta 4.64 y USG Flex, ATP, y VPN versiones de firmware 4.35 hasta 5.01, que podría permitir a un atacante remoto ejecutar comandos arbitrarios en un dispositivo afectado • https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 96%CPEs: 30EXPL: 0CVE-2020-29583 – Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability
https://notcve.org/view.php?id=CVE-2020-29583
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. La versión de firmware 4.60 de los dispositivos Zyxel USG contiene una cuenta no documentada (zyfwp) con una contraseña que no puede ser cambiada. La contraseña para esta cuenta se puede encontrar en texto sin cifrar en el firmware. • http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15 https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583 https://www.zyxel.com/support/CVE- • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 97%CPEs: 54EXPL: 2CVE-2020-9054 – Zyxel Multiple NAS Devices OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-9054
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. • https://github.com/darrenmartyn/CVE-2020-9054 https://cwe.mitre.org/data/definitions/78.html https://kb.cert.org/artifacts/cve-2020-9054.html https://kb.cert.org/vuls/id/498544 https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 3%CPEs: 42EXPL: 2CVE-2019-9955 – Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9955
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. En dispositivos Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100. La página de inicio de sesión del servidor de seguridad es vulnerable a Reflected XSS por medio del parámetro 'mp_idx' no saneado. ZyWall 310, ZyWall 110, USG1900, ATP500, and USG40 devices suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46706 http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Apr/22 https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •