
cpe:2.3:h:zyxel:zywall_atp100:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor: Zyxel (d3fcf896-5708-55f8-8f74-3e19a9d55b89)
Product: Zywall Atp100 (901ff310-2e9a-59b6-a2ca-6c4cc5e2a218)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2023-34141 not_vulnerable 2026-06-03 14:52:15.849498 Details available
HIGH (8)
A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.
Published: 2023-07-17T17:56:26.818Z
Updated: 2024-10-29T16:06:41.479Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-34140 not_vulnerable 2026-06-03 14:52:15.837800 Details available
MEDIUM (6.5)
A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.
Published: 2023-07-17T17:49:38.175Z
Updated: 2024-10-21T19:42:15.688Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-34138 not_vulnerable 2026-06-03 14:52:15.814417 Details available
HIGH (8)
A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.
Published: 2023-07-17T17:31:40.719Z
Updated: 2024-10-30T18:02:28.372Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-33012 not_vulnerable 2026-06-03 14:52:00.980033 Details available
HIGH (8.8)
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.
Published: 2023-07-17T17:23:26.370Z
Updated: 2025-03-05T18:48:53.862Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-33011 not_vulnerable 2026-06-03 14:52:00.973049 Details available
HIGH (8.8)
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.
Published: 2023-07-17T17:15:45.876Z
Updated: 2024-11-07T19:08:01.595Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-28767 not_vulnerable 2026-06-03 14:51:37.619368 Details available
HIGH (8.8)
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.
Published: 2023-07-17T16:59:45.258Z
Updated: 2024-11-07T19:14:46.971Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-35029 not_vulnerable 2026-06-03 14:44:48.703609 Details available
CRITICAL (9.8)
An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device.
Published: 2021-07-02T10:29:07.000Z
Updated: 2024-08-04T00:33:49.831Z
Imported from gcve-enriched-dumps CVE data
