CVE-2020-25014
https://notcve.org/view.php?id=CVE-2020-25014
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet. Un desbordamiento de búfer en la región stack de la memoria en el archivo fbwifi_continue.cgi en Zyxel serie UTM y VPN de puertas de enlace que ejecutan la versión de firmware V4.30 hasta la V4.55, lo que permite a atacantes remotos no autenticados ejecutar código arbitrario por medio de un paquete http diseñado • https://businessforum.zyxel.com/categories/security-news-and-release https://www.zyxel.com/support/Zyxel-security-advisory-for-buffer-overflow-vulnerability.shtml • CWE-787: Out-of-bounds Write •
CVE-2019-12583
https://notcve.org/view.php?id=CVE-2019-12583
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service. El control de acceso que falta en el componente "Tiempo libre" de varios dispositivos Zyxel UAG, USG y ZyWall permite que un atacante remoto genere cuentas de invitado al acceder directamente al generador de cuentas. Esto puede llevar a un acceso no autorizado a la red o a una denegación de servicio. • https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml • CWE-425: Direct Request ('Forced Browsing') •
CVE-2019-9955 – Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9955
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. En dispositivos Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100. La página de inicio de sesión del servidor de seguridad es vulnerable a Reflected XSS por medio del parámetro 'mp_idx' no saneado. ZyWall 310, ZyWall 110, USG1900, ATP500, and USG40 devices suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46706 http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Apr/22 https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-9129
https://notcve.org/view.php?id=CVE-2018-9129
ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. Los dispositivos ZyXEL de la serie ZyWALL/USG tienen una vulnerabilidad de Bleichenbacher en su implementación de handshake de intercambio de claves de Internet (IKE) utilizado para conexiones VPN basadas en IPsec. • ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32%28AAPH.0%29C0_2.pdf https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml •