Shodan
Vulnerabilities
Vulnerable Software
Zyxel:  Security Vulnerabilities
CVE-2022-38546
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-12-21
CVE-2022-40603
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser.
CVSS Score
4.7
EPSS Score
0.007
Published
2022-12-06
CVE-2022-40602
A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-11-22
CVE-2020-15327
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-09-29
CVE-2020-15328
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-09-29
CVE-2020-15329
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-09-29
CVE-2020-15330
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-09-29
CVE-2020-15331
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-29
CVE-2020-15332
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-09-29
CVE-2020-15333
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-09-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved