CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

zyxel

usg2200-vpn_firmware

4 known vulnerabilities · sorted by CVSS score

CVE-2021-35029

CRITICAL9.8

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.

zyxel / usg1900_firmware+36

Network

Published Jul 2, 2021

CVE-2019-12583

CRITICAL9.1

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.

zyxel / uag2100_firmware+13

Network

Published Jun 27, 2019

CVE-2019-9955

MEDIUM6.1

On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.

zyxel / atp200_firmware+20

Network

Published Apr 22, 2019

CVE-2019-12581

MEDIUM6.1

A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.

zyxel / uag2100_firmware+8

Network

Published Jun 27, 2019