The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF; if so, then it should not be included in CVE.
Max CVSS
4.0
EPSS Score
0.98%
Published
2007-08-13
Updated
2018-10-15
Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.
Max CVSS
4.3
EPSS Score
0.43%
Published
2007-08-13
Updated
2018-10-15
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters.
Max CVSS
4.3
EPSS Score
1.07%
Published
2007-08-13
Updated
2018-10-15
The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions.
Max CVSS
4.3
EPSS Score
1.04%
Published
2007-08-13
Updated
2018-10-15
4 vulnerabilities found