CVSS: 9.8EPSS: 2%CPEs: 90EXPL: 0CVE-2023-33010 – Zyxel Multiple Firewalls Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-33010
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 92EXPL: 0CVE-2023-33009 – Zyxel Multiple Firewalls Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-33009
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. Una vulnerabilidad de desbordamiento de búfer en la función de notificación en las versiones de firmware de la serie Zyxel ATP 4.60 a 5.36 Parche 1, versiones de firmware de la serie USG FLEX 4.60 a 5.36 Parche 1, versiones de firmware USG FLEX 50(W) 4.60 a 5.36 Parche 1, USG20(W)- Las versiones de firmware VPN 4.60 a 5.36, parche 1, las versiones de firmware de la serie VPN 4.60 a 5.36, parche 1, las versiones de firmware de la serie ZyWALL/USG 4.60 a 4.73, parche 1, podrían permitir que un atacante no autenticado provoque condiciones de denegación de servicio (DoS) e incluso un ejecución remota de código en un dispositivo afectado. Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 145EXPL: 0CVE-2022-26532 – Zyxel Buffer Overflow / Format String / Command Injection
https://notcve.org/view.php?id=CVE-2022-26532
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. Una vulnerabilidad de inyección de argumentos en el comando CLI "packet-trace" de Zyxel USG/ZyWALL versiones 4.09 hasta 4.71, USG FLEX series versiones 4.50 hasta 5.21, ATP series versiones 4.32 hasta 5.21, VPN series versiones 4.30 hasta 5.21, NSG series versiones 1.00 hasta 1.33 Patch 4, NXC2500 versión de firmware 6.10(AAIG.3 ) y versiones anteriores, NAP203 versión de firmware 6.25(ABFA.7) y versiones anteriores, NWA50AX versión de firmware 6.25(ABYW.5) y versiones anteriores, WAC500 versión de firmware 6.30(ABVS.2) y versiones anteriores, WAX510D versión de firmware 6.30(ABTF.2) y versiones anteriores, que podría permitir a un atacante local autenticado ejecutar comandos arbitrarios del sistema operativo mediante una inclusión de argumentos diseñados en el comando CLI Zyxel firewalls, AP controllers, and APs suffer from buffer overflow, format string, and command injection vulnerabilities. • http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html http://seclists.org/fulldisclosure/2022/Jun/15 https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.5EPSS: 0%CPEs: 64EXPL: 0CVE-2022-0910
https://notcve.org/view.php?id=CVE-2022-0910
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. Se ha detectado una vulnerabilidad en el programa CGI de Zyxel USG/ZyWALL versiones de firmware 4.32 hasta 4.71, USG FLEX series versiones de firmware 4.50 hasta 5.21, ATP series versiones de firmware 4.32 hasta 5.21, y VPN series versiones de firmware 4.32 hasta 5.21, que podría permitir a un atacante autenticado omitir la segunda fase de autenticación para conectarse al servidor VPN IPsec aunque la autenticación de dos factores (2FA) estuviera habilitada • https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2022-0734
https://notcve.org/view.php?id=CVE-2022-0734
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. Se identificó una vulnerabilidad de tipo cross-site scripting en el programa CGI de Zyxel USG/ZyWALL series versiones de firmware 4.35 hasta 4.70 , USG FLEX series versiones de firmware 4.50 hasta 5.20, ATP series versiones de firmware 4.35 hasta 5.20 y VPN series versiones de firmware 4.35 hasta 5.20, que podría permitir a un atacante obtener alguna información almacenada en el navegador del usuario, como cookies o tokens de sesión, por medio de un script malicioso • https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •