CVSS: 9.8EPSS: 91%CPEs: 48EXPL: 0CVE-2022-0342
https://notcve.org/view.php?id=CVE-2022-0342
28 Mar 2022 — An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. Una vulnerabilidad de omisión de autenticación en el programa CGI de... • https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 74EXPL: 0CVE-2021-35029
https://notcve.org/view.php?id=CVE-2021-35029
02 Jul 2021 — An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. Una vulnerabilidad de omisión de la autenticación en la interfaz de administración basada en web de Zyxel USG/Zywall series versiones de firmware 4.35 hasta 4.64 y USG Flex, ATP, y VPN versiones de firmware 4.35... • https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 8%CPEs: 42EXPL: 3CVE-2019-9955 – Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9955
16 Apr 2019 — On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. En dispositivos Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100. La página de inicio de sesión d... • https://packetstorm.news/files/id/152525 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •