CVE-2020-13365: Security Advisories | Zyxel

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.

We care about your network security. It’s our highest priority, and it’s what drives us to deliver the timely, useful advice on emerging vulnerabilities that you’ll find below. But there are also a few practices that it’s good common sense to follow at all times:

  • Change the default password as soon as you log in to a new device for the first time
  • Use strong, unique passwords for every device and change them regularly
  • Ensure your devices are running the latest available firmware
  • Don’t enable remote access unless it’s absolutely necessary

Zyxel Product Security Incident Disclosure Policy

Zyxel takes security issues very seriously, and keeping our customers safe is Zyxel’s primary concern. The Zyxel Product Security Incident Response Team (PSIRT) responds to vulnerability reports, investigates the reported vulnerabilities, and implements the best course of action to protect our customers. Zyxel is also authorized as a CVE Numbering Authority (CNA). This recognizes Zyxel’s commitment to security disclosures and will enhance our vulnerability reporting.

If you have discovered a security vulnerability in Zyxel products, we appreciate your help in reporting it to us in a responsible manner. The advance notice allows our PSIRT team to coordinate a patch or workaround which allows our customers to protect themselves before attackers have the opportunity to exploit the issue.

Note: Zyxel does not have a security bug bounty program for reported vulnerabilities.
