Zyxel: Security Vulnerabilities, CVEs (Memory corruption)
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
Max CVSS: 6.5 | EPSS Score: 0.04% | Published: 2024-02-20 | Updated: 2024-02-20
The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to escalate privileges by sending a crafted CREATE message.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2023-11-20 | Updated: 2023-11-30
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted HTTP packet.
Max CVSS: 9.8 | EPSS Score: 0.22% | Published: 2020-11-27 | Updated: 2020-12-10
3 vulnerabilities found