Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): firmware
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-46389 |
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. Published: November 30, 2023; 6:15:07 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-46387 |
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. Published: November 30, 2023; 6:15:07 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-46386 |
LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication. Published: November 30, 2023; 6:15:07 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-4474 |
The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. Published: November 29, 2023; 9:15:43 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-4473 |
A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. Published: November 29, 2023; 9:15:43 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-37928 |
A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. Published: November 29, 2023; 9:15:43 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-37927 |
The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. Published: November 29, 2023; 9:15:42 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-35138 |
A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. Published: November 29, 2023; 9:15:42 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-35137 |
An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device. Published: November 29, 2023; 9:15:42 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-24294 |
Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification. Published: November 28, 2023; 8:15:07 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-23325 |
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. Published: November 28, 2023; 8:15:07 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-23324 |
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. Published: November 28, 2023; 8:15:07 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-4667 |
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage Published: November 28, 2023; 4:15:07 AM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-5960 |
An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device. Published: November 27, 2023; 10:15:07 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-5797 |
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device. Published: November 27, 2023; 10:15:07 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-5650 |
An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device. Published: November 27, 2023; 9:15:43 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-4398 |
An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet. Published: November 27, 2023; 9:15:43 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-4397 |
A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device. Published: November 27, 2023; 9:15:42 PM -0500 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2023-37926 |
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device. Published: November 27, 2023; 9:15:42 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-37925 |
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device. Published: November 27, 2023; 9:15:42 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |