CVSS: 7.8EPSS: 21%CPEs: 1EXPL: 0CVE-2024-8234
https://notcve.org/view.php?id=CVE-2024-8234
30 Aug 2024 — A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device. ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute s... • https://github.com/GroundCTL2MajorTom/pocs/blob/main/zyxel_NWAW1100-N_rce.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 50EXPL: 0CVE-2015-7256
https://notcve.org/view.php?id=CVE-2015-7256
27 Sep 2017 — ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. Los puntos de acceso ZyXEL NWA1100-N, NWA1100-NH, ... • http://www.kb.cert.org/vuls/id/566724 • CWE-310: Cryptographic Issues •