Zyxel: >> Zywall Usg 100 Firmware Security Vulnerabilities
CVE-2023-28771
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2023-04-25
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-11-10