Zyxel Security Vulnerabilities (CVEs)

Track 76 security vulnerabilities affecting Zyxel products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

20 Critical
44 High
12 Medium
CVE-2025-13942 9.8

A remote command injection vulnerability in Zyxel EX3510-B0 devices allows attackers to execute arbitrary operating system commands by sending special...

Feb 24, 2026
CVE-2026-1459 7.2

This CVE describes a post-authentication command injection vulnerability in Zyxel VMG3625-T50B devices. An authenticated attacker with administrator p...

Feb 24, 2026
CVE-2025-11847 4.9

An authenticated attacker with administrator privileges can cause a denial-of-service condition on affected Zyxel devices by sending a specially craft...

Feb 24, 2026
CVE-2025-11845 4.9

A null pointer dereference vulnerability in Zyxel networking devices allows authenticated administrators to trigger a denial-of-service condition by s...

Feb 24, 2026
CVE-2025-6599 5.3

An uncontrolled resource consumption vulnerability in Zyxel DX3301-T0 firmware allows attackers to perform Slowloris-style DoS attacks. This can tempo...

Nov 18, 2025
CVE-2025-8693 8.8

A post-authentication command injection vulnerability in Zyxel DX3300-T0 firmware allows authenticated attackers to execute arbitrary operating system...

Nov 18, 2025
CVE-2025-9133 8.1

A missing authorization vulnerability in Zyxel firewall devices allows semi-authenticated attackers who have completed only the first stage of 2FA to ...

Oct 21, 2025
CVE-2025-7673 9.8

A buffer overflow vulnerability in the zhttpd URL parser of Zyxel VMG8825-T50K routers allows unauthenticated attackers to cause denial-of-service or ...

Jul 16, 2025
CVE-2025-6265 7.2

This path traversal vulnerability in Zyxel NWA50AX PRO access points allows authenticated administrators to delete critical files like configuration f...

Jul 15, 2025
CVE-2025-1731 7.8

An incorrect permission assignment vulnerability in PostgreSQL commands in Zyxel USG FLEX H series firewalls allows authenticated local attackers with...

Apr 22, 2025
CVE-2025-3577 4.9

This path traversal vulnerability in Zyxel AMG1302-T10B firmware allows authenticated administrators to access restricted directories via crafted HTTP...

Apr 22, 2025
CVE-2024-11253 7.2

This CVE describes a post-authentication command injection vulnerability in Zyxel VMG8825-T50K devices. An authenticated attacker with administrator p...

Mar 11, 2025
CVE-2024-12009 7.2

This vulnerability allows authenticated attackers with administrator privileges to execute arbitrary operating system commands on Zyxel networking dev...

Mar 11, 2025
CVE-2024-12010 7.2

This vulnerability allows authenticated attackers with administrator privileges to execute arbitrary operating system commands on affected Zyxel devic...

Mar 11, 2025
CVE-2025-0890 9.8

This vulnerability involves insecure default credentials for the Telnet function in Zyxel VMG4325-B10A DSL CPE devices. Attackers can log into the man...

Feb 4, 2025
CVE-2024-40890 8.8

This is a post-authentication command injection vulnerability in Zyxel VMG4325-B10A DSL CPE devices that allows authenticated attackers to execute arb...

Feb 4, 2025
CVE-2024-40891 8.8

This is a post-authentication command injection vulnerability in Zyxel VMG4325-B10A DSL CPE devices. An authenticated attacker can execute arbitrary o...

Feb 4, 2025
CVE-2024-12398 8.8

An authenticated user with limited privileges can escalate to administrator level on affected Zyxel devices, allowing them to upload configuration fil...

Jan 14, 2025
CVE-2024-8748 7.5

A buffer overflow vulnerability in the libclinkc library used by Zyxel VMG8825-T50K devices allows attackers to cause temporary denial of service agai...

Dec 3, 2024
CVE-2024-9197 4.9

This is a post-authentication buffer overflow vulnerability in Zyxel VMG3625-T50B devices that allows authenticated administrators to cause temporary ...

Dec 3, 2024
CVE-2024-9200 7.2

This vulnerability allows authenticated attackers with administrator privileges to execute arbitrary operating system commands on Zyxel VMG4005-B50A d...

Dec 3, 2024
CVE-2024-11494 7.5

This vulnerability allows unauthenticated attackers to read device information from Zyxel P-6101C ADSL modems via crafted HTTP HEAD requests. It affec...

Nov 20, 2024
CVE-2024-8881 6.8

This vulnerability allows authenticated attackers with administrator privileges on the local network to execute arbitrary operating system commands on...

Nov 12, 2024
CVE-2024-9677 5.5

This vulnerability allows an authenticated local attacker to steal an administrator's authentication token from the CLI command in USG FLEX H series f...

Oct 22, 2024
CVE-2024-38269 4.9

This vulnerability allows authenticated attackers with administrator privileges to cause memory corruption in the USB file-sharing handler of Zyxel VM...

Sep 24, 2024
CVE-2024-38267 4.9

This vulnerability allows authenticated administrators to cause memory corruption in the IPv6 parser of Zyxel VMG8825-T50K devices, potentially crashi...

Sep 24, 2024
CVE-2024-6342 9.8

This is an unauthenticated command injection vulnerability in Zyxel NAS devices that allows remote attackers to execute arbitrary operating system com...

Sep 10, 2024
CVE-2024-7261 9.8

This is an unauthenticated OS command injection vulnerability in Zyxel networking devices that allows remote attackers to execute arbitrary commands o...

Sep 3, 2024
CVE-2024-7203 7.2

This vulnerability allows authenticated administrators on affected Zyxel firewalls to execute arbitrary operating system commands through command inje...

Sep 3, 2024
CVE-2024-5412 7.5

A buffer overflow vulnerability in the libclinkc library of Zyxel VMG8825-T50K firmware allows unauthenticated attackers to cause denial of service by...

Sep 3, 2024
CVE-2024-42057 8.1

This CVE describes a command injection vulnerability in Zyxel firewall devices that allows unauthenticated attackers to execute operating system comma...

Sep 3, 2024
CVE-2024-42059 7.2

This is a post-authentication command injection vulnerability in multiple Zyxel firewall series. An authenticated attacker with administrator privileg...

Sep 3, 2024
CVE-2024-8234 7.5

An unauthenticated command injection vulnerability in Zyxel NWA1100-N firmware allows attackers to execute arbitrary OS commands and access system fil...

Aug 30, 2024
CVE-2024-29976 6.5

This vulnerability allows authenticated attackers on Zyxel NAS devices to view administrator session information including cookies via the 'show_allse...

Jun 4, 2024
CVE-2024-29974 9.8

This critical vulnerability allows unauthenticated attackers to execute arbitrary code on affected Zyxel NAS devices by uploading a crafted configurat...

Jun 4, 2024
CVE-2024-29972 9.8

This is a critical command injection vulnerability in Zyxel NAS devices that allows unauthenticated attackers to execute arbitrary operating system co...

Jun 4, 2024
CVE-2023-37929 6.5

A buffer overflow vulnerability in the CGI program of Zyxel VMG3625-T50B firmware allows authenticated remote attackers to cause denial of service (Do...

May 21, 2024
CVE-2023-6764 8.1

A format string vulnerability in the IPSec VPN feature of Zyxel firewall and VPN devices allows remote code execution. Attackers could execute arbitra...

Feb 20, 2024
CVE-2023-6398 7.2

This CVE describes a post-authentication command injection vulnerability in Zyxel firewall and access point firmware. An authenticated attacker with a...

Feb 20, 2024
CVE-2023-37928 8.8

A post-authentication command injection vulnerability in Zyxel NAS devices allows authenticated attackers to execute arbitrary OS commands by sending ...

Nov 30, 2023
CVE-2023-4473 9.8

An unauthenticated command injection vulnerability in Zyxel NAS web servers allows attackers to execute arbitrary OS commands by sending specially cra...

Nov 30, 2023
CVE-2023-35138 9.8

This critical command injection vulnerability in Zyxel NAS devices allows unauthenticated attackers to execute arbitrary operating system commands via...

Nov 30, 2023
CVE-2023-4398 7.5

An integer overflow vulnerability in the QuickSec IPSec toolkit used in Zyxel VPN devices allows unauthenticated attackers to cause denial-of-service ...

Nov 28, 2023
CVE-2023-5593 7.8

An out-of-bounds write vulnerability in Zyxel SecuExtender SSL VPN Client version 4.0.4.0 allows authenticated local users to escalate privileges by s...

Nov 20, 2023
CVE-2023-43314 7.5

This buffer overflow vulnerability in Zyxel PMG2005-T20B firmware allows unauthenticated attackers to cause denial of service by sending specially cra...

Sep 27, 2023
CVE-2023-33013 8.8

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Zyxel NBG6604 routers by sending specially crafted...

Aug 14, 2023
CVE-2023-33012 8.8

An unauthenticated LAN-based attacker can execute arbitrary OS commands on affected Zyxel network devices by sending a malicious GRE configuration whe...

Jul 17, 2023
CVE-2023-34139 8.8

An unauthenticated command injection vulnerability in the Free Time WiFi hotspot feature of Zyxel USG FLEX and VPN series firewalls allows LAN-based a...

Jul 17, 2023
CVE-2023-34141 8.0

This CVE describes a command injection vulnerability in Zyxel firewall and WLAN controller products that allows LAN-based attackers to execute arbitra...

Jul 17, 2023
CVE-2023-28767 8.8

This vulnerability allows an unauthenticated attacker on the local network to inject OS commands into the configuration data of affected Zyxel devices...

Jul 17, 2023

Why Monitor Zyxel Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 76+ known vulnerabilities affecting Zyxel products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Zyxel packages in under 60 seconds. No agents required - completely agentless scanning that works across Zyxel deployments.

Free vulnerability database: Access detailed information about every Zyxel CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Zyxel CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions