TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2022-30525

CRITICALCISA KEV
9.8

Beschreibung

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht5/12/2022
Zuletzt geandert10/27/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerZyxel
ProduktMultiple Firewalls
SchwachstellennameZyxel Multiple Firewalls OS Command Injection Vulnerability
KEV Aufnahmedatum2022-05-16
Behebungsfrist2022-06-06
Ransomware-NutzungUnknown

Betroffene Produkte

zyxel:atp100zyxel:atp100_firmwarezyxel:atp100wzyxel:atp100w_firmwarezyxel:atp200zyxel:atp200_firmwarezyxel:atp500zyxel:atp500_firmwarezyxel:atp700zyxel:atp700_firmwarezyxel:atp800zyxel:atp800_firmwarezyxel:usg20w-vpnzyxel:usg20w-vpn_firmwarezyxel:usg_flex_100wzyxel:usg_flex_100w_firmwarezyxel:usg_flex_200zyxel:usg_flex_200_firmwarezyxel:usg_flex_500zyxel:usg_flex_500_firmwarezyxel:usg_flex_50wzyxel:usg_flex_50w_firmwarezyxel:usg_flex_700zyxel:usg_flex_700_firmwarezyxel:vpn100zyxel:vpn1000zyxel:vpn1000_firmwarezyxel:vpn100_firmwarezyxel:vpn300zyxel:vpn300_firmwarezyxel:vpn50zyxel:vpn50_firmware

Schwachen (CWE)

CWE-78CWE-78

Referenzen

http://packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html(security@zyxel.com.tw)
http://packetstormsecurity.com/files/167182/Zyxel-Firewall-ZTP-Unauthenticated-Command-Injection.html(security@zyxel.com.tw)
http://packetstormsecurity.com/files/167372/Zyxel-USG-FLEX-5.21-Command-Injection.html(security@zyxel.com.tw)
http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html(security@zyxel.com.tw)
https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml(security@zyxel.com.tw)
http://packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167182/Zyxel-Firewall-ZTP-Unauthenticated-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167372/Zyxel-USG-FLEX-5.21-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-30525(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.