ZyXEL ZyWALL USG 2000 Security Appliance

Platform Information https://www.cnet.com/products/zyxel-zywall-usg-2000-security-appliance/
Search Engine Search on Google
End of Sales Yes (2018-06-30) more info
End of Support -
Wired Connection Yes
Wireless Connection -
Fingerprinting Source HTTPS NIC VENDOR
Added at Jun 11, 2019
Manufacturer Name Zyxel Communications Corp
Homepage https://www.zyxel.com/index.shtml
Headquarters Taiwan
Business Status Ongoing

Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
No records found.
Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2019-12581
06/27/2019
MEDIUM
MEDIUM
A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
CVE-2019-12583
06/27/2019
CRITICAL
MEDIUM
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
CVE-2019-6725
05/31/2019
CRITICAL
HIGH
The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin.
CVE-2019-9955
04/22/2019
MEDIUM
MEDIUM
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
CVE-2019-10634
04/09/2019
MEDIUM
LOW
An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields.