FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2023-09-18 | CVE-2017-6884 | critical | ⚡RCE ⌖KEV | 95 | Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/ |
| 2024-12-03 | CVE-2024-11667 | critical | ⌖KEV | 80 | Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL. |
| 2025-02-11 | CVE-2024-40890 | high | ⚡RCE ⌖KEV | 65 | Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request. |
| 2025-02-11 | CVE-2024-40891 | high | ⚡RCE ⌖KEV | 65 | Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet. |
| 2023-08-07 | CVE-2017-18368 | high | ⚡RCE ⌖KEV | 65 | Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page. |
| 2023-06-23 | CVE-2023-27992 | high | ⚡RCE ⌖KEV | 65 | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request. |
| 2023-06-05 | CVE-2023-33010 | high | ⚡RCE ⌖KEV | 65 | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected |
| 2023-06-05 | CVE-2023-33009 | high | ⚡RCE ⌖KEV | 65 | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected |
| 2023-05-31 | CVE-2023-28771 | high | ⚡RCE ⌖KEV | 65 | Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device. |
| 2022-05-16 | CVE-2022-30525 | high | ⚡RCE ⌖KEV | 65 | A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. |
| 2022-03-25 | CVE-2020-9054 | high | ⚡RCE ⌖KEV | 65 | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. |
| 2021-11-03 | CVE-2020-29583 | high | ⌖KEV | 50 | Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password. |