COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Multiple Firewalls product

5
failure events
0
zero-days
4
RCEs
5
on KEV
1
critical
80
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 5 events

DateEventSevFlagsShameSummary
2024-12-03 CVE-2024-11667 critical ⌖KEV 80 Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.
2023-06-05 CVE-2023-33010 high ⚡RCE ⌖KEV 65 Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected
2023-06-05 CVE-2023-33009 high ⚡RCE ⌖KEV 65 Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected
2023-05-31 CVE-2023-28771 high ⚡RCE ⌖KEV 65 Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.
2022-05-16 CVE-2022-30525 high ⚡RCE ⌖KEV 65 A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.