Zyxel: Security Vulnerabilities
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
CVSS Score: 8.8
EPSS Score: 0.024
Published: 2019-04-09
An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2019-04-09
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
CVSS Score: 8.8
EPSS Score: 0.008
Published: 2019-03-21
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2019-03-07
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.
CVSS Score: 8.8
EPSS Score: 0.018
Published: 2018-11-27
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.
CVSS Score: 8.8
EPSS Score: 0.117
Published: 2018-11-27
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.
CVSS Score: 7.5
EPSS Score: 0.576
Published: 2018-11-17
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-11-10
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-10-29
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-08-26