Filtered by vendor Zyxel
Subscriptions
Total
324 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6019 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2025-04-12 | N/A |
| The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | ||||
| CVE-2015-5989 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2025-04-12 | N/A |
| Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | ||||
| CVE-2015-6016 | 1 Zyxel | 4 Nbg-418n, P-660hw-t1 2, Pmg5318-b20a Firmware and 1 more | 2025-04-12 | N/A |
| ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | ||||
| CVE-2015-5987 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2025-04-12 | N/A |
| Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | ||||
| CVE-2015-6017 | 1 Zyxel | 1 P-660hw-t1 V2 Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. | ||||
| CVE-2015-6018 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2025-04-12 | N/A |
| The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | ||||
| CVE-2015-6020 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2025-04-12 | N/A |
| ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. | ||||
| CVE-2016-1348 | 6 Cisco, Netgear, Samsung and 3 more | 6 Ios Xe, Jr6150 Firmware, X14j Firmware and 3 more | 2025-04-12 | N/A |
| Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. | ||||
| CVE-2016-1329 | 5 Cisco, Samsung, Sun and 2 more | 10 Nexus 3048, Nexus 3064, Nexus 3064t and 7 more | 2025-04-12 | N/A |
| Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800. | ||||
| CVE-2016-1319 | 4 Samsung, Sun, Zyxel and 1 more | 4 X14j Firmware, Opensolaris, Gs1900-10hp Firmware and 1 more | 2025-04-12 | N/A |
| Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. | ||||
| CVE-2015-6260 | 2 Cisco, Zyxel | 10 Nexus 5548p, Nexus 5548up, Nexus 5596t and 7 more | 2025-04-12 | N/A |
| Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. | ||||
| CVE-2016-1317 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2025-04-12 | N/A |
| Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098. | ||||
| CVE-2016-1349 | 7 Cisco, Intel, Netgear and 4 more | 7 Ios Xe, Core I5-9400f Firmware, Jr6150 Firmware and 4 more | 2025-04-12 | N/A |
| The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. | ||||
| CVE-2016-1346 | 6 Cisco, Dell, Netgear and 3 more | 6 Telepresence Server Mse 8710, Emc Powerscale Onefs, Jr6150 Firmware and 3 more | 2025-04-12 | N/A |
| The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673. | ||||
| CVE-2011-4504 | 2 Genmei Mori, Zyxel | 2 Pseudoics, P-330w Router | 2025-04-11 | N/A |
| The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | ||||
| CVE-2013-6786 | 6 Allegrosoft, Dlink, Huawei and 3 more | 7 Rompager, Dsl-2640r, Dsl-2641r and 4 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately. | ||||
| CVE-2011-0746 | 1 Zyxel | 1 O2 Dsl Router Classic | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Forms/PortForwarding_Edit_1 on the ZyXEL O2 DSL Router Classic allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the PortRule_Name parameter. | ||||
| CVE-2022-43389 | 1 Zyxel | 34 Ep240p, Ep240p Firmware, Lte3202-m437 and 31 more | 2025-04-09 | 8.6 High |
| A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | ||||
| CVE-2008-1259 | 1 Zyxel | 1 P-2602hw-d1a | 2025-04-09 | N/A |
| The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes. | ||||
| CVE-2008-1256 | 1 Zyxel | 1 P-660hw | 2025-04-09 | N/A |
| The ZyXEL P-660HW series router has "admin" as its default password, which allows remote attackers to gain administrative access. | ||||