Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 15 of 15
Filters:
Zyxel | DSL CPE Devices

CVE-2024-40891

Zyxel DSL CPE OS Command Injection Vulnerability: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
  • Date Added: 2025-02-11
  • Due Date: 2025-03-04
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https://www.zyxel.com/service-provider/global/en/security-advisories/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40891
Zyxel | DSL CPE Devices

CVE-2024-40890

Zyxel DSL CPE OS Command Injection Vulnerability: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
  • Date Added: 2025-02-11
  • Due Date: 2025-03-04
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https://www.zyxel.com/service-provider/global/en/security-advisories/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40890
Aviatrix | Controllers

CVE-2024-50603

Aviatrix Controllers OS Command Injection Vulnerability: Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-16
  • Due Date: 2025-02-06
Additional Notes
https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true ; https://nvd.nist.gov/vuln/detail/CVE-2024-50603
Zyxel | Multiple Firewalls

CVE-2024-11667

Zyxel Multiple Firewalls Path Traversal Vulnerability: Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-12-03
  • Due Date: 2024-12-24
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11667
Zyxel | EMG2926 Routers

CVE-2017-6884

Zyxel EMG2926 Routers Command Injection Vulnerability: Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-18
  • Due Date: 2023-10-09
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe, https://www.zyxelguard.com/Zyxel-EOL.asp; https://nvd.nist.gov/vuln/detail/CVE-2017-6884
Zyxel | P660HN-T1A Routers

CVE-2017-18368

Zyxel P660HN-T1A Routers Command Injection Vulnerability: Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-08-07
  • Due Date: 2023-08-28
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-a-new-variant-of-gafgyt-malware; https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-p660hn-t1a-dsl-cpe; https://nvd.nist.gov/vuln/detail/CVE-2017-18368
Zyxel | Multiple Network-Attached Storage (NAS) Devices

CVE-2023-27992

Zyxel Multiple NAS Devices Command Injection Vulnerability: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-23
  • Due Date: 2023-07-14
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products; https://nvd.nist.gov/vuln/detail/CVE-2023-27992
Zyxel | Multiple Firewalls

CVE-2023-33009

Zyxel Multiple Firewalls Buffer Overflow Vulnerability: Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-05
  • Due Date: 2023-06-26
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-33009
Zyxel | Multiple Firewalls

CVE-2023-33010

Zyxel Multiple Firewalls Buffer Overflow Vulnerability: Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-05
  • Due Date: 2023-06-26
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-33010
Zyxel | Multiple Firewalls

CVE-2023-28771

Zyxel Multiple Firewalls OS Command Injection Vulnerability: Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-31
  • Due Date: 2023-06-21
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-28771
Zyxel | Multiple Firewalls

CVE-2022-30525

Zyxel Multiple Firewalls OS Command Injection Vulnerability: A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-16
  • Due Date: 2022-06-06
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-30525
InduSoft | Web Studio

CVE-2014-0780

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability: InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-15
  • Due Date: 2022-05-06
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-0780
Zyxel | Multiple Network-Attached Storage (NAS) Devices

CVE-2020-9054

Zyxel Multiple NAS Devices OS Command Injection Vulnerability: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-9054
Aviatrix | Aviatrix Controller

CVE-2021-40870

Aviatrix Controller Unrestricted Upload of File: Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

Related CWEs: CWE-25| CWE-96

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-18
  • Due Date: 2022-02-01
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-40870
Zyxel | Multiple Products

CVE-2020-29583

Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability: Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.

Related CWE: CWE-522

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-29583

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now