Filtered by vendor Zyxel
Subscriptions
Total
314 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1302 | 5 Cisco, Samsung, Sun and 2 more | 22 Nexus 92160yc-x, Nexus 92304qc, Nexus 9236c and 19 more | 2025-04-12 | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. | ||||
| CVE-2016-1348 | 6 Cisco, Netgear, Samsung and 3 more | 6 Ios Xe, Jr6150 Firmware, X14j Firmware and 3 more | 2025-04-12 | N/A |
| Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. | ||||
| CVE-2015-7284 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2016-1350 | 6 Cisco, Lenovo, Samsung and 3 more | 6 Ios Xe, Thinkcentre E75s Firmware, X14j Firmware and 3 more | 2025-04-12 | N/A |
| Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. | ||||
| CVE-2014-0356 | 1 Zyxel | 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware | 2025-04-12 | N/A |
| The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command. | ||||
| CVE-2015-7283 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2025-04-12 | N/A |
| The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | ||||
| CVE-2015-6020 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2025-04-12 | N/A |
| ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. | ||||
| CVE-2016-1349 | 7 Cisco, Intel, Netgear and 4 more | 7 Ios Xe, Core I5-9400f Firmware, Jr6150 Firmware and 4 more | 2025-04-12 | N/A |
| The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. | ||||
| CVE-2015-6019 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2025-04-12 | N/A |
| The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | ||||
| CVE-2015-5987 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2025-04-12 | N/A |
| Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | ||||
| CVE-2011-4504 | 2 Genmei Mori, Zyxel | 2 Pseudoics, P-330w Router | 2025-04-11 | N/A |
| The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | ||||
| CVE-2011-0746 | 1 Zyxel | 1 O2 Dsl Router Classic | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Forms/PortForwarding_Edit_1 on the ZyXEL O2 DSL Router Classic allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the PortRule_Name parameter. | ||||
| CVE-2013-6786 | 6 Allegrosoft, Dlink, Huawei and 3 more | 7 Rompager, Dsl-2640r, Dsl-2641r and 4 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately. | ||||
| CVE-2022-43389 | 1 Zyxel | 34 Ep240p, Ep240p Firmware, Lte3202-m437 and 31 more | 2025-04-09 | 8.6 High |
| A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | ||||
| CVE-2008-1261 | 1 Zyxel | 1 P-2602hw-d1a | 2025-04-09 | N/A |
| The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI. | ||||
| CVE-2007-1586 | 1 Zyxel | 1 Zynos | 2025-04-09 | N/A |
| ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol. | ||||
| CVE-2008-2167 | 1 Zyxel | 1 Zywall 100 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page. | ||||
| CVE-2007-6729 | 1 Zyxel | 1 P-330w Router | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors. | ||||
| CVE-2008-1529 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2025-04-09 | N/A |
| ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods. | ||||
| CVE-2008-1527 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2025-04-09 | N/A |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack. | ||||