CVE-2021-4039 – Zyxel NWA-1100-NH - Command Injection
https://notcve.org/view.php?id=CVE-2021-4039
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. Zyxel NWA-1100-NH suffers from a command injection vulnerability.
• https://www.exploit-db.com/exploits/50870
• http://packetstormsecurity.com/files/166752/Zyxel-NWA-1100-NH-Command-Injection.html
• https://www.zyxel.com/support/OS-command-injection-vulnerability-of-NWA1100-NH-access-point.shtml
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-35036
https://notcve.org/view.php?id=CVE-2021-35036
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
• https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability
• CWE-312: Cleartext Storage of Sensitive Information
CVE-2021-4029
https://notcve.org/view.php?id=CVE-2021-4029
A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface.
• https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-4030
https://notcve.org/view.php?id=CVE-2021-4030
A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts.
• https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-35035
https://notcve.org/view.php?id=CVE-2021-35035
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
• https://www.zyxel.com/support/Zyxel_security_advisory_for_sensitive_information_vulnerabilities_of_NBG6604_home_router.shtml
• CWE-312: Cleartext Storage of Sensitive Information