Zyxel Security Vulnerabilities (CVEs)

Track 76 security vulnerabilities affecting Zyxel products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

20 Critical
44 High
12 Medium
CVE-2023-27992 9.8

This is a critical pre-authentication command injection vulnerability in Zyxel NAS devices that allows unauthenticated remote attackers to execute arb...

Jun 19, 2023
CVE-2023-27988 7.2

This vulnerability allows authenticated attackers with administrator privileges to execute arbitrary operating system commands on affected Zyxel NAS32...

May 30, 2023
CVE-2023-33009 9.8

A buffer overflow vulnerability in Zyxel firewall notification functions allows unauthenticated attackers to cause denial-of-service or execute arbitr...

May 24, 2023
CVE-2023-22919 8.8

This is a post-authentication command injection vulnerability in Zyxel NBG6604 home routers. An authenticated attacker can execute arbitrary OS comman...

May 1, 2023
CVE-2023-22922 7.5

A buffer overflow vulnerability in Zyxel NBG-418N v2 router firmware allows remote unauthenticated attackers to cause denial-of-service conditions by ...

May 1, 2023
CVE-2023-28769 9.8

A buffer overflow vulnerability in the libclinkc.so library of the zhttpd web server on Zyxel DX5401-B0 devices allows remote unauthenticated attacker...

Apr 27, 2023
CVE-2023-28771 9.8

This vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on affected Zyxel firewall devices by sendin...

Apr 25, 2023
CVE-2023-27991 8.8

This is a post-authentication command injection vulnerability in Zyxel firewall CLI commands that allows authenticated attackers to execute arbitrary ...

Apr 24, 2023
CVE-2023-22913 8.1

A post-authentication command injection vulnerability in Zyxel USG FLEX and VPN series firewalls allows authenticated attackers to execute arbitrary c...

Apr 24, 2023
CVE-2023-22915 7.5

A buffer overflow vulnerability in the fbwifi_forward.cgi CGI program of affected Zyxel devices allows remote unauthenticated attackers to cause denia...

Apr 24, 2023
CVE-2023-22917 7.5

A buffer overflow vulnerability in Zyxel network devices allows remote unauthenticated attackers to cause denial of service by uploading a crafted con...

Apr 24, 2023
CVE-2022-38547 7.2

This is a post-authentication command injection vulnerability in Zyxel firewall devices that allows authenticated administrators to execute arbitrary ...

Feb 7, 2023
CVE-2022-43391 6.5

A buffer overflow vulnerability in the CGI program of Zyxel NR7101 firmware allows authenticated attackers to cause denial-of-service conditions by se...

Jan 11, 2023
CVE-2022-30526 7.8

This CVE describes a local privilege escalation vulnerability in Zyxel firewall CLI commands where a local attacker can execute OS commands with root ...

Jul 19, 2022
CVE-2022-26532 7.8

CVE-2022-26532 is an argument injection vulnerability in Zyxel network devices that allows local authenticated attackers to execute arbitrary OS ...

May 24, 2022
CVE-2022-0556 7.3

This CVE describes a local privilege escalation vulnerability in Zyxel AP Configurator (ZAC) version 1.1.4, where incorrect directory permissions allo...

Apr 11, 2022
CVE-2022-0342 9.8

This authentication bypass vulnerability in Zyxel firewall CGI programs allows attackers to circumvent web authentication and gain administrative acce...

Mar 28, 2022
CVE-2021-4039 9.8

CVE-2021-4039 is a command injection vulnerability in Zyxel NWA-1100-NH access point web interface that allows authenticated attackers to execute...

Mar 1, 2022
CVE-2021-4030 8.0

A cross-site request forgery (CSRF) vulnerability in Zyxel ARMOR Z1/Z2 router firmware allows attackers to execute arbitrary commands by tricking auth...

Feb 24, 2022
CVE-2021-35034 7.4

This vulnerability allows remote attackers to maintain unauthorized access to Zyxel NBG6604 routers by exploiting insufficient session expiration in t...

Dec 29, 2021
CVE-2021-35027 7.5

A directory traversal vulnerability in Zyxel VPN2S firewall firmware allows remote attackers to access sensitive files by manipulating file paths. Thi...

Sep 29, 2021
CVE-2021-35029 9.8

This authentication bypass vulnerability in Zyxel security appliances allows remote attackers to execute arbitrary commands without valid credentials....

Jul 2, 2021
CVE-2020-28899 9.1

CVE-2020-28899 is an authentication bypass vulnerability in ZyXEL LTE4506-M606 routers that allows remote attackers to execute administrative function...

Mar 16, 2021
CVE-2020-29583 9.8

CVE-2020-29583 is a critical vulnerability in Zyxel USG devices where firmware version 4.60 includes a hidden administrative account (zyfwp) with a ha...

Dec 22, 2020
CVE-2020-25014 9.8

A stack-based buffer overflow vulnerability in the fbwifi_continue.cgi component of Zyxel UTM and VPN gateways allows remote unauthenticated attackers...

Nov 27, 2020
CVE-2020-24355 9.8

This vulnerability in Zyxel VMG5313-B30B routers allows regular users to create new accounts with administrative privileges by manipulating JSON param...

Sep 2, 2020

Why Monitor Zyxel Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 76+ known vulnerabilities affecting Zyxel products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Zyxel packages in under 60 seconds. No agents required - completely agentless scanning that works across Zyxel deployments.

Free vulnerability database: Access detailed information about every Zyxel CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account & add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Zyxel CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions