Shodan
Vulnerabilities
Vulnerable Software
Zyxel:  Security Vulnerabilities
CVE-2015-5990
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
CVSS Score
8.8
EPSS Score
0.001
Published
2015-12-31
CVE-2015-5989
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
CVSS Score
9.8
EPSS Score
0.034
Published
2015-12-31
CVE-2015-5988
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVSS Score
9.8
EPSS Score
0.016
Published
2015-12-31
CVE-2015-5987
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
CVSS Score
8.6
EPSS Score
0.006
Published
2015-12-31
CVE-2015-7284
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.
CVSS Score
8.0
EPSS Score
0.001
Published
2015-12-31
CVE-2015-7283
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVSS Score
8.1
EPSS Score
0.01
Published
2015-12-31
CVE-2015-6020
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.
CVSS Score
8.0
EPSS Score
0.002
Published
2015-12-31
CVE-2015-6019
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
CVSS Score
8.5
EPSS Score
0.004
Published
2015-12-31
CVE-2015-6018
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
CVSS Score
9.8
EPSS Score
0.221
Published
2015-12-31
CVE-2015-6017
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.
CVSS Score
6.1
EPSS Score
0.006
Published
2015-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved