Vulnerabilities related to zyxel - usg2200_firmware
cve-2022-26532
Vulnerability from cvelistv5
Published
2022-05-24 05:20
Modified
2024-08-03 05:03
Summary
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
Impacted products
Vendor Product Version
Zyxel USG/ZyWALL series firmware Version: 4.09 through 4.71
Zyxel USG FLEX series firmware Version: 4.50 through 5.21
Zyxel ATP series firmware Version: 4.32 through 5.21
Zyxel VPN series firmware Version: 4.30 through 5.21
Zyxel NSG series firmware Version: 1.00 through 1.33 Patch 4
Zyxel NXC2500 firmware Version: <= 6.10(AAIG.3)
Zyxel NAP203 firmware Version: <= 6.25(ABFA.7)
Zyxel NWA50AX firmware Version: <= 6.25(ABYW.5)
Zyxel WAC500 firmware Version: <= 6.30(ABVS.2)
Zyxel WAX510D firmware Version: <= 6.30(ABTF.2)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T05:03:32.963Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
               },
               {
                  name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jun/15",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "USG/ZyWALL series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.09 through 4.71",
                  },
               ],
            },
            {
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.50 through 5.21",
                  },
               ],
            },
            {
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.32 through 5.21",
                  },
               ],
            },
            {
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.30 through 5.21",
                  },
               ],
            },
            {
               product: "NSG series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "1.00 through 1.33 Patch 4",
                  },
               ],
            },
            {
               product: "NXC2500 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.10(AAIG.3)",
                  },
               ],
            },
            {
               product: "NAP203 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.25(ABFA.7)",
                  },
               ],
            },
            {
               product: "NWA50AX firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.25(ABYW.5)",
                  },
               ],
            },
            {
               product: "WAC500 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.30(ABVS.2)",
                  },
               ],
            },
            {
               product: "WAX510D firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.30(ABTF.2)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-88",
                     description: "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-19T18:06:10",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
            },
            {
               name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jun/15",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@zyxel.com.tw",
               ID: "CVE-2022-26532",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "USG/ZyWALL series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.09 through 4.71",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "USG FLEX series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.50 through 5.21",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "ATP series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.32 through 5.21",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "VPN series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.30 through 5.21",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSG series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.00 through 1.33 Patch 4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NXC2500 firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "<= 6.10(AAIG.3)",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NAP203 firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "<= 6.25(ABFA.7)",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NWA50AX firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "<= 6.25(ABYW.5)",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "WAC500 firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "<= 6.30(ABVS.2)",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "WAX510D firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "<= 6.30(ABTF.2)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Zyxel",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "7.8",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                     refsource: "CONFIRM",
                     url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                  },
                  {
                     name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2022/Jun/15",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2022-26532",
      datePublished: "2022-05-24T05:20:09",
      dateReserved: "2022-03-07T00:00:00",
      dateUpdated: "2024-08-03T05:03:32.963Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0734
Vulnerability from cvelistv5
Published
2022-05-24 02:10
Modified
2024-08-02 23:40
Summary
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.
Impacted products
Vendor Product Version
Zyxel USG/ZyWALL series firmware Version: 4.35 through 4.70
Zyxel USG FLEX series firmware Version: 4.50 through 5.20
Zyxel ATP series firmware Version: 4.35 through 5.20
Zyxel VPN series firmware Version: 4.35 through 5.20


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:40:03.547Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "USG/ZyWALL series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.35 through 4.70",
                  },
               ],
            },
            {
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.50 through 5.20",
                  },
               ],
            },
            {
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.35 through 5.20",
                  },
               ],
            },
            {
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.35 through 5.20",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-24T02:10:12",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@zyxel.com.tw",
               ID: "CVE-2022-0734",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "USG/ZyWALL series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.35 through 4.70",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "USG FLEX series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.50 through 5.20",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "ATP series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.35 through 5.20",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "VPN series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.35 through 5.20",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Zyxel",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.8",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                     refsource: "CONFIRM",
                     url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2022-0734",
      datePublished: "2022-05-24T02:10:12",
      dateReserved: "2022-02-23T00:00:00",
      dateUpdated: "2024-08-02T23:40:03.547Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-9054
Vulnerability from cvelistv5
Published
2020-03-04 19:30
Modified
2024-09-16 17:14
Severity ?
Summary
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0; NAS520 before firmware V5.21(AASZ.3)C0; NAS540 before firmware V5.21(AATB.4)C0; NAS542 before firmware V5.21(ABAG.4)C0. ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2.
Impacted products
Vendor Product Version
ZyXEL NAS326 Version: V5.21(AAZF.7)C0   <
ZyXEL NAS520 Version: V5.21(AASZ.3)C0   <
ZyXEL NAS540 Version: V5.21(AATB.4)C0   <
ZyXEL NAS542 Version: V5.21(ABAG.4)C0   <
ZyXEL NSA210 Version: all
ZyXEL NSA220 Version: all
ZyXEL NSA220+ Version: all
ZyXEL NSA221 Version: all
ZyXEL NSA310 Version: V4.75(AALH.2)C0   <
ZyXEL NSA320 Version: all
ZyXEL NSA320S Version: V4.75(AANV.2)C0   <
ZyXEL NSA325 Version: V4.81(AAAJ.1)C0   <
ZyXEL NSA325v2 Version: V4.81(AALS.1)C0   <


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:19:19.559Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://cwe.mitre.org/data/definitions/78.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml",
               },
               {
                  name: "VU#498544",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "https://kb.cert.org/vuls/id/498544/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://kb.cert.org/artifacts/cve-2020-9054.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "NAS326",
               vendor: "ZyXEL",
               versions: [
                  {
                     lessThanOrEqual: "V5.21(AAZF.7)C0",
                     status: "affected",
                     version: "V5.21(AAZF.7)C0",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "NAS520",
               vendor: "ZyXEL",
               versions: [
                  {
                     lessThanOrEqual: "V5.21(AASZ.3)C0",
                     status: "affected",
                     version: "V5.21(AASZ.3)C0",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "NAS540",
               vendor: "ZyXEL",
               versions: [
                  {
                     lessThanOrEqual: "V5.21(AATB.4)C0",
                     status: "affected",
                     version: "V5.21(AATB.4)C0",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "NAS542",
               vendor: "ZyXEL",
               versions: [
                  {
                     lessThanOrEqual: "V5.21(ABAG.4)C0",
                     status: "affected",
                     version: "V5.21(ABAG.4)C0",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "NSA210",
               vendor: "ZyXEL",
               versions: [
                  {
                     status: "affected",
                     version: "all",
                  },
               ],
            },
            {
               product: "NSA220",
               vendor: "ZyXEL",
               versions: [
                  {
                     status: "affected",
                     version: "all",
                  },
               ],
            },
            {
               product: "NSA220+",
               vendor: "ZyXEL",
               versions: [
                  {
                     status: "affected",
                     version: "all",
                  },
               ],
            },
            {
               product: "NSA221",
               vendor: "ZyXEL",
               versions: [
                  {
                     status: "affected",
                     version: "all",
                  },
               ],
            },
            {
               product: "NSA310",
               vendor: "ZyXEL",
               versions: [
                  {
                     lessThanOrEqual: "V4.75(AALH.2)C0",
                     status: "affected",
                     version: "V4.75(AALH.2)C0",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "NSA320",
               vendor: "ZyXEL",
               versions: [
                  {
                     status: "affected",
                     version: "all",
                  },
               ],
            },
            {
               product: "NSA320S",
               vendor: "ZyXEL",
               versions: [
                  {
                     lessThanOrEqual: "V4.75(AANV.2)C0",
                     status: "affected",
                     version: "V4.75(AANV.2)C0",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "NSA325",
               vendor: "ZyXEL",
               versions: [
                  {
                     lessThanOrEqual: "V4.81(AAAJ.1)C0",
                     status: "affected",
                     version: "V4.81(AAAJ.1)C0",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "NSA325v2",
               vendor: "ZyXEL",
               versions: [
                  {
                     lessThanOrEqual: "V4.81(AALS.1)C0",
                     status: "affected",
                     version: "V4.81(AALS.1)C0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Thanks to Alex Holden of Hold Security for finding and reporting this vulnerability.",
            },
         ],
         datePublic: "2020-02-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "https://kb.cert.org/artifacts/cve-2020-9054.html",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78 OS Command Injection",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-04T19:30:18",
            orgId: "37e5125f-f79b-445b-8fad-9564f167944b",
            shortName: "certcc",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://cwe.mitre.org/data/definitions/78.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml",
            },
            {
               name: "VU#498544",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "https://kb.cert.org/vuls/id/498544/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://kb.cert.org/artifacts/cve-2020-9054.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, NAS542, ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100 devices.",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi",
         workarounds: [
            {
               lang: "en",
               value: "Block access to the ZyXEL device web interface:\n\nThis issue can be mitigated by blocking (for example with a firewall) access to the web interface (80/tcp and 443/tcp) of any vulnerable ZyXEL device. Any machine that can access the ZyXEL web interface should not also be able to access the internet.\n\nRestrict access to vulnerable ZyXEL devices:\n\nDirect exploitation of this vulnerability can be mitigated by restricting access to vulnerable devices. In particular, do not expose such devices directly to the internet. Note however, that it is still possible for attackers to exploit devices that are not directly connected to the internet. For example, by way of viewing a web page.",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               DATE_PUBLIC: "2020-02-20T00:00:00.000Z",
               ID: "CVE-2020-9054",
               STATE: "PUBLIC",
               TITLE: "ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "NAS326",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "V5.21(AAZF.7)C0",
                                          version_value: "V5.21(AAZF.7)C0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NAS520",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "V5.21(AASZ.3)C0",
                                          version_value: "V5.21(AASZ.3)C0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NAS540",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "V5.21(AATB.4)C0",
                                          version_value: "V5.21(AATB.4)C0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NAS542",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "V5.21(ABAG.4)C0",
                                          version_value: "V5.21(ABAG.4)C0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSA210",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "all",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSA220",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "all",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSA220+",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "all",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSA221",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "all",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSA310",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "V4.75(AALH.2)C0",
                                          version_value: "V4.75(AALH.2)C0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSA320",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "all",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSA320S",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "V4.75(AANV.2)C0",
                                          version_value: "V4.75(AANV.2)C0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSA325",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "V4.81(AAAJ.1)C0",
                                          version_value: "V4.81(AAAJ.1)C0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "NSA325v2",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_name: "V4.81(AALS.1)C0",
                                          version_value: "V4.81(AALS.1)C0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "ZyXEL",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Thanks to Alex Holden of Hold Security for finding and reporting this vulnerability.",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "https://kb.cert.org/artifacts/cve-2020-9054.html",
               },
            ],
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-78 OS Command Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://cwe.mitre.org/data/definitions/78.html",
                     refsource: "MISC",
                     url: "https://cwe.mitre.org/data/definitions/78.html",
                  },
                  {
                     name: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml",
                     refsource: "CONFIRM",
                     url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml",
                  },
                  {
                     name: "VU#498544",
                     refsource: "CERT-VN",
                     url: "https://kb.cert.org/vuls/id/498544/",
                  },
                  {
                     name: "https://kb.cert.org/artifacts/cve-2020-9054.html",
                     refsource: "MISC",
                     url: "https://kb.cert.org/artifacts/cve-2020-9054.html",
                  },
                  {
                     name: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/",
                     refsource: "MISC",
                     url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, NAS542, ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100 devices.",
               },
            ],
            source: {
               discovery: "UNKNOWN",
            },
            work_around: [
               {
                  lang: "en",
                  value: "Block access to the ZyXEL device web interface:\n\nThis issue can be mitigated by blocking (for example with a firewall) access to the web interface (80/tcp and 443/tcp) of any vulnerable ZyXEL device. Any machine that can access the ZyXEL web interface should not also be able to access the internet.\n\nRestrict access to vulnerable ZyXEL devices:\n\nDirect exploitation of this vulnerability can be mitigated by restricting access to vulnerable devices. In particular, do not expose such devices directly to the internet. Note however, that it is still possible for attackers to exploit devices that are not directly connected to the internet. For example, by way of viewing a web page.",
               },
            ],
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b",
      assignerShortName: "certcc",
      cveId: "CVE-2020-9054",
      datePublished: "2020-03-04T19:30:18.400802Z",
      dateReserved: "2020-02-18T00:00:00",
      dateUpdated: "2024-09-16T17:14:38.648Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-29583
Vulnerability from cvelistv5
Published
2020-12-22 00:00
Modified
2024-08-04 16:55
Severity ?
Summary
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T16:55:10.633Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/support/security_advisories.shtml",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/support/CVE-2020-29583.shtml",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-28T00:43:07.540036",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.zyxel.com/support/security_advisories.shtml",
            },
            {
               url: "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf",
            },
            {
               url: "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15",
            },
            {
               url: "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release",
            },
            {
               url: "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html",
            },
            {
               url: "https://www.zyxel.com/support/CVE-2020-29583.shtml",
            },
            {
               url: "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-29583",
      datePublished: "2020-12-22T00:00:00",
      dateReserved: "2020-12-06T00:00:00",
      dateUpdated: "2024-08-04T16:55:10.633Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0910
Vulnerability from cvelistv5
Published
2022-05-24 02:20
Modified
2024-08-02 23:47
Summary
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
Impacted products
Vendor Product Version
Zyxel USG/ZyWALL series firmware Version: 4.32 through 4.71
Zyxel USG FLEX series firmware Version: 4.50 through 5.21
Zyxel ATP series firmware Version: 4.32 through 5.21
Zyxel VPN series firmware Version: 4.32 through 5.21


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:47:42.905Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "USG/ZyWALL series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.32 through 4.71",
                  },
               ],
            },
            {
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.50 through 5.21",
                  },
               ],
            },
            {
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.32 through 5.21",
                  },
               ],
            },
            {
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.32 through 5.21",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-287",
                     description: "CWE-287: Improper Authentication",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-24T02:20:13",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@zyxel.com.tw",
               ID: "CVE-2022-0910",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "USG/ZyWALL series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.32 through 4.71",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "USG FLEX series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.50 through 5.21",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "ATP series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.32 through 5.21",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "VPN series firmware",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.32 through 5.21",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Zyxel",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-287: Improper Authentication",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                     refsource: "CONFIRM",
                     url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2022-0910",
      datePublished: "2022-05-24T02:20:13",
      dateReserved: "2022-03-10T00:00:00",
      dateUpdated: "2024-08-02T23:47:42.905Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-26531
Vulnerability from cvelistv5
Published
2022-05-24 00:00
Modified
2024-08-03 05:03
Summary
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
Impacted products
Vendor Product Version
Zyxel USG/ZyWALL series firmware Version: 4.09 through 4.71
Zyxel USG FLEX series firmware Version: 4.50 through 5.21
Zyxel ATP series firmware Version: 4.32 through 5.21
Zyxel VPN series firmware Version: 4.30 through 5.21
Zyxel NSG series firmware Version: 1.00 through 1.33 Patch 4
Zyxel NXC2500 firmware Version: <= 6.10(AAIG.3)
Zyxel NAP203 firmware Version: <= 6.25(ABFA.7)
Zyxel NWA50AX firmware Version: <= 6.25(ABYW.5)
Zyxel WAC500 firmware Version: <= 6.30(ABVS.2)
Zyxel WAX510D firmware Version: <= 6.30(ABTF.2)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T05:03:33.155Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
               },
               {
                  name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jun/15",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "USG/ZyWALL series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.09 through 4.71",
                  },
               ],
            },
            {
               product: "USG FLEX series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.50 through 5.21",
                  },
               ],
            },
            {
               product: "ATP series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.32 through 5.21",
                  },
               ],
            },
            {
               product: "VPN series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "4.30 through 5.21",
                  },
               ],
            },
            {
               product: "NSG series firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "1.00 through 1.33 Patch 4",
                  },
               ],
            },
            {
               product: "NXC2500 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.10(AAIG.3)",
                  },
               ],
            },
            {
               product: "NAP203 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.25(ABFA.7)",
                  },
               ],
            },
            {
               product: "NWA50AX firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.25(ABYW.5)",
                  },
               ],
            },
            {
               product: "WAC500 firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.30(ABVS.2)",
                  },
               ],
            },
            {
               product: "WAX510D firmware",
               vendor: "Zyxel",
               versions: [
                  {
                     status: "affected",
                     version: "<= 6.30(ABTF.2)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20: Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-09T18:05:56.732587",
            orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
            shortName: "Zyxel",
         },
         references: [
            {
               url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
            },
            {
               name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jun/15",
            },
            {
               url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
            },
            {
               url: "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f",
      assignerShortName: "Zyxel",
      cveId: "CVE-2022-26531",
      datePublished: "2022-05-24T00:00:00",
      dateReserved: "2022-03-07T00:00:00",
      dateUpdated: "2024-08-03T05:03:33.155Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2022-05-24 03:15
Modified
2024-11-21 06:39
Summary
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EB7ECE1-BA79-4F6B-92E6-72EAD8C1A89D",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF538EAF-7694-4953-86AE-4F12F8B88315",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C3D7EC0-7209-4E60-8A2F-A23CF47A4794",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "14C64F26-4FFF-4102-9D06-EFD9E4921580",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6BE3BA8-E117-4C98-9221-502DA903CA27",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "25040B80-E884-44F4-902E-A8F2E27C25C6",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CED15A33-FB60-44CD-978C-9D1FBD3CE5E0",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "27A45A78-3301-49BE-A1B1-47DC5596012B",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "913F6F7E-2D5B-4684-83C8-7929C0E385F7",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5788E87A-A69D-4EB8-BBA9-99DEFABFA2A6",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_110_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2766165-4833-4744-BE12-D4D92C0337F2",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7E32879-01A2-49B1-A354-068CEB1CA3A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_1100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CC99D50-3D1A-444F-949A-A7BBF664233F",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_1900_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "641BB3FE-BC96-494C-A6E4-A033365E691E",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92CE6F04-403B-4A52-A3A5-DD0190CF15D9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1316118-0B3F-4C87-A44E-B9571A381009",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C24C8004-00BB-4AC1-978C-9D7FA036729F",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC603F1A-561C-4602-AE82-FF40E876F9A1",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F47477FF-6AAC-4517-8271-FE03B5E4E2E9",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38B7995C-80E0-413B-9F2C-387EF3703927",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "555D068D-8855-420A-BD1B-08F4926FF02A",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D84DDB81-DE66-4427-8833-633B45A45A14",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "378B84DA-D2E8-4EA3-B659-88E9F25811EB",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F11F36C-60DB-4D81-A320-53EEE43758C1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEC9EE6F-F6B1-48C5-8646-CBDBA2A495D5",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C65DB5E9-2FE3-4807-970E-A42FDF82B50E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "75048E46-0CB5-4300-A5E4-CBCE5FE67BCF",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "82864EF6-B63D-4947-A18C-AE0156CCA7FA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "293C6F8B-51F7-44A5-ACAD-10586C9EB610",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "05959C9F-4209-4B0B-81DD-6C98BFC43F7B",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4F8A08F-8531-444E-BE70-6C0096BE8CAC",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8553EF99-5F25-4F96-840C-1D5146C9CAF9",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C2F72A1-7D2D-4BC3-8440-937435507F5C",
                     versionEndIncluding: "5.20",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5046F464-AA4F-47D9-9050-CF0A5C9E6C9C",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F7F15F3-9A55-462F-8AE3-EE71B759DE68",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECB8D8BC-4FEE-434C-AB4E-E847051B1919",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F5C3A2C-12EA-4FAE-B088-665A90494685",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "63BEED27-C36F-4245-9218-C10DED73A9C2",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F504210A-CDA6-4C30-98FC-707870E37E05",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA7DB6C7-035B-4421-94A3-87F431BFA324",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3082ED-A564-494D-8427-B61F15F6DD88",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB6E0DD5-DA40-4672-A6DD-A98145DCC86A",
                     versionEndIncluding: "4.70",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.",
      },
      {
         lang: "es",
         value: "Se identificó una vulnerabilidad de tipo cross-site scripting en el programa CGI de Zyxel USG/ZyWALL series versiones de firmware 4.35 hasta 4.70, USG FLEX series versiones de firmware 4.50 hasta 5.20, ATP series versiones de firmware 4.35 hasta 5.20 y VPN series versiones de firmware 4.35 hasta 5.20, que podría permitir a un atacante obtener alguna información almacenada en el navegador del usuario, como cookies o tokens de sesión, por medio de un script malicioso.",
      },
   ],
   id: "CVE-2022-0734",
   lastModified: "2024-11-21T06:39:17.163",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "security@zyxel.com.tw",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-24T03:15:09.093",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-24 03:15
Modified
2024-11-21 06:39
Summary
A vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21 permits a downgrade from two-factor authentication to one-factor authentication, which could allow an authenticated attacker to bypass the second authentication phase and connect to the IPsec VPN server even though two-factor authentication (2FA) was enabled.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "644EA277-0CC7-4B0F-A8D0-C0A976DD36D1",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE95F0D6-C1FF-4ADF-9FFE-04E6DB3A9493",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4A5619A-D50B-4ABD-809F-CA8CE1AE022F",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "86633419-26A8-4E36-8DFC-4776E473263D",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D636401-CD8D-4D2C-9BEA-1C6F96D2FEA6",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD3684E5-F119-4BD9-A29A-C35C293BC058",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC4992F-FF30-44E8-9041-4BA082D3549B",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "071225C7-8311-4C89-9633-AE5DB4800B01",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABF7A7FD-95D3-4343-9CE2-DFF8DBE8D125",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D952940F-FFEF-4480-9BD8-5E7CB1C27B2E",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_110_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B9F3DD3-0CE1-4CA8-9FEA-CE8E7915F72E",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7E32879-01A2-49B1-A354-068CEB1CA3A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_1100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "262CBB27-4D37-4514-BDD8-5FBEB70FEE93",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_1900_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E75091F8-B5E1-4338-89BB-EC61A2778A73",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92CE6F04-403B-4A52-A3A5-DD0190CF15D9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "58A79FD8-36C9-4CFA-97DF-5B964FE83EDD",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "446FBCE1-E609-4AF2-B88F-C26B85450310",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3C82532-B246-4643-B455-51E98557E3C9",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77A820ED-4923-41A6-80A8-AC2CABE2A3F1",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38B7995C-80E0-413B-9F2C-387EF3703927",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DCF17FE-34AC-4B11-838F-F404AD94BA18",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D84DDB81-DE66-4427-8833-633B45A45A14",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8169626-F4B1-465B-9D12-D2A70325EA33",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F11F36C-60DB-4D81-A320-53EEE43758C1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3B2D1B5-CA4F-49C5-AE99-F4688D67DF0A",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C65DB5E9-2FE3-4807-970E-A42FDF82B50E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "38C653B9-FCE7-407C-816E-1151166F76FF",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "82864EF6-B63D-4947-A18C-AE0156CCA7FA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "19D358C5-E3CE-4362-94C2-6C8715AB9D54",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B18C8637-E459-482F-B977-7BA1A3D99CA7",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0015FD08-61BF-4022-9F84-12010EA1D5A9",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E4B752C-2CAD-4A72-9660-27B57B3EB7FC",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39FCAC29-3FD8-49DF-A216-3393D9724DA7",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "69172196-EAC7-4CF9-80D2-B2ED91629960",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F7F15F3-9A55-462F-8AE3-EE71B759DE68",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "85D942A4-01F0-4E20-AF54-0A4E1CD0DC78",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F5C3A2C-12EA-4FAE-B088-665A90494685",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D274E9A-2DB3-4B3D-855E-B7771A790ACF",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C72FB960-E2DB-416C-91E7-3E33E2849BA9",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "083DC7BD-39ED-4A36-A6D6-42E0293AD171",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3082ED-A564-494D-8427-B61F15F6DD88",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C69C75B1-1EC2-4A00-A4D9-8AF1945C03CA",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect to the IPsec VPN server even though the two-factor authentication (2FA) was enabled.",
      },
      {
         lang: "es",
         value: "Se ha detectado una vulnerabilidad en el programa CGI de Zyxel USG/ZyWALL versiones de firmware 4.32 hasta 4.71, USG FLEX series versiones de firmware 4.50 hasta 5.21, ATP series  versiones de firmware 4.32 hasta 5.21, y VPN series versiones de firmware 4.32 hasta 5.21, que podría permitir a un atacante autenticado omitir la segunda fase de autenticación para conectarse al servidor VPN IPsec aunque la autenticación de dos factores (2FA) estuviera habilitada",
      },
   ],
   id: "CVE-2022-0910",
   lastModified: "2024-11-21T06:39:39.087",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "security@zyxel.com.tw",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-24T03:15:09.150",
   references: [
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-24 06:15
Modified
2024-11-21 06:54
Summary
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
Impacted products
Vendor Product Version
zyxel vpn100_firmware *
zyxel vpn100 -
zyxel vpn1000_firmware *
zyxel vpn1000 -
zyxel vpn300_firmware *
zyxel vpn300 -
zyxel vpn50_firmware *
zyxel vpn50 -
zyxel atp100_firmware *
zyxel atp100 -
zyxel atp100w_firmware *
zyxel atp100w -
zyxel atp200_firmware *
zyxel atp200 -
zyxel atp500_firmware *
zyxel atp500 -
zyxel atp700_firmware *
zyxel atp700 -
zyxel atp800_firmware *
zyxel atp800 -
zyxel usg_110_firmware *
zyxel usg_110 -
zyxel usg_1100_firmware *
zyxel usg_1100 -
zyxel usg_1900_firmware *
zyxel usg_1900 -
zyxel usg_20w_firmware *
zyxel usg_20w -
zyxel usg_20w-vpn_firmware *
zyxel usg_20w-vpn -
zyxel usg_2200-vpn_firmware *
zyxel usg_2200-vpn -
zyxel usg_310_firmware *
zyxel usg_310 -
zyxel usg_40_firmware *
zyxel usg_40 -
zyxel usg_40w_firmware *
zyxel usg_40w -
zyxel usg_60_firmware *
zyxel usg_60 -
zyxel usg_60w_firmware *
zyxel usg_60w -
zyxel usg_flex_100_firmware *
zyxel usg_flex_100 -
zyxel usg_flex_100w_firmware *
zyxel usg_flex_100w -
zyxel usg_flex_200_firmware *
zyxel usg_flex_200 -
zyxel usg_flex_500_firmware *
zyxel usg_flex_500 -
zyxel usg_flex_700_firmware *
zyxel usg_flex_700 -
zyxel usg200_firmware *
zyxel usg200 -
zyxel usg20_firmware *
zyxel usg20 -
zyxel usg210_firmware *
zyxel usg210 -
zyxel usg2200_firmware *
zyxel usg2200 -
zyxel usg300_firmware *
zyxel usg300 -
zyxel usg310_firmware *
zyxel usg310 -
zyxel nsg300_firmware *
zyxel nsg300_firmware 1.33
zyxel nsg300_firmware 1.33
zyxel nsg300_firmware 1.33
zyxel nsg300_firmware 1.33
zyxel nsg300_firmware 1.33
zyxel nsg300 -
zyxel nsg100_firmware *
zyxel nsg100_firmware 1.33
zyxel nsg100_firmware 1.33
zyxel nsg100_firmware 1.33
zyxel nsg100_firmware 1.33
zyxel nsg100_firmware 1.33
zyxel nsg100 -
zyxel nsg50_firmware *
zyxel nsg50_firmware 1.33
zyxel nsg50_firmware 1.33
zyxel nsg50_firmware 1.33
zyxel nsg50_firmware 1.33
zyxel nsg50_firmware 1.33
zyxel nsg50 -
zyxel nxc2500_firmware *
zyxel nxc2500 -
zyxel nxc5500_firmware *
zyxel nxc5500 -
zyxel nap203_firmware *
zyxel nap203 -
zyxel nap303_firmware *
zyxel nap303 -
zyxel nap353_firmware *
zyxel nap353 -
zyxel nwa50ax_firmware *
zyxel nwa50ax -
zyxel nwa55axe_firmware *
zyxel nwa55axe -
zyxel nwa90ax_firmware *
zyxel nwa90ax -
zyxel nwa110ax_firmware *
zyxel nwa110ax -
zyxel nwa210ax_firmware *
zyxel nwa210ax -
zyxel nwa1123-ac-hd_firmware *
zyxel nwa1123-ac-hd -
zyxel nwa1123-ac-pro_firmware *
zyxel nwa1123-ac-pro -
zyxel nwa1123acv3_firmware *
zyxel nwa1123acv3 -
zyxel nwa1302-ac_firmware *
zyxel nwa1302-ac -
zyxel nwa5123-ac-hd_firmware *
zyxel nwa5123-ac-hd -
zyxel wac500h_firmware *
zyxel wac500h -
zyxel wac500_firmware *
zyxel wac500 -
zyxel wac5302d-s_firmware *
zyxel wac5302d-s -
zyxel wac5302d-sv2_firmware *
zyxel wac5302d-sv2 -
zyxel wac6103d-i_firmware *
zyxel wac6103d-i -
zyxel wac6303d-s_firmware *
zyxel wac6303d-s -
zyxel wac6502d-e_firmware *
zyxel wac6502d-e -
zyxel wac6502d-s_firmware *
zyxel wac6502d-s -
zyxel wac6503d-s_firmware *
zyxel wac6503d-s -
zyxel wac6553d-s_firmware *
zyxel wac6553d-s -
zyxel wac6552d-s_firmware *
zyxel wac6552d-s -
zyxel wax510d_firmware *
zyxel wax510d -
zyxel wax610d_firmware *
zyxel wax610d -
zyxel wax630s_firmware *
zyxel wax630s -
zyxel wax650s_firmware *
zyxel wax650s -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "286FA4D2-DD37-4EFD-BCC4-98791B7E4F74",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "441EB008-4265-4569-A7B0-A5CAF0CA6B70",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFF1F98B-2B0C-46C6-AE43-EB652BA0800C",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B6387BE-5DED-4D27-AACC-1F42DCB90A40",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D636401-CD8D-4D2C-9BEA-1C6F96D2FEA6",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD3684E5-F119-4BD9-A29A-C35C293BC058",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC4992F-FF30-44E8-9041-4BA082D3549B",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "071225C7-8311-4C89-9633-AE5DB4800B01",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABF7A7FD-95D3-4343-9CE2-DFF8DBE8D125",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D952940F-FFEF-4480-9BD8-5E7CB1C27B2E",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_110_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "55B9C186-0EF6-457D-A865-93BEE28C03DB",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7E32879-01A2-49B1-A354-068CEB1CA3A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_1100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D64DDA0B-FB12-49DA-818A-77D61B6328EB",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_1900_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F944352D-3F2E-4E67-9B0C-FCA488F49FDB",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92CE6F04-403B-4A52-A3A5-DD0190CF15D9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18A8D2A1-CA75-4DAE-8C78-67E2588AD037",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC6943C7-8559-414D-9A6A-865EEFBF223C",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0597A0E-9416-4D2E-BAF5-BEFAAE1BB93E",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B139EC4B-07CA-4D2C-8FBB-5C03F67ED169",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38B7995C-80E0-413B-9F2C-387EF3703927",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "07F551AE-EB73-4B97-AFBA-23A201FBAA02",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D84DDB81-DE66-4427-8833-633B45A45A14",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E469A8A0-D909-4713-ABA8-F2589452E193",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F11F36C-60DB-4D81-A320-53EEE43758C1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "25670F1E-F6BA-4B2C-957F-4DCF1B112DBD",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C65DB5E9-2FE3-4807-970E-A42FDF82B50E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "095FB855-F923-41C8-A3C7-E252FCD57EB5",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "82864EF6-B63D-4947-A18C-AE0156CCA7FA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "19D358C5-E3CE-4362-94C2-6C8715AB9D54",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B18C8637-E459-482F-B977-7BA1A3D99CA7",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0015FD08-61BF-4022-9F84-12010EA1D5A9",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E4B752C-2CAD-4A72-9660-27B57B3EB7FC",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39FCAC29-3FD8-49DF-A216-3393D9724DA7",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11A390EA-14B4-4A83-9215-2A8EEF10A564",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F7F15F3-9A55-462F-8AE3-EE71B759DE68",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F4C6D9E-87AB-4BEB-A9CF-EA767FC25437",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F5C3A2C-12EA-4FAE-B088-665A90494685",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "96C73B83-E2B8-402A-BC4F-4044D16F6D2C",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C95C785-5428-405C-A1DE-1E2202556178",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB666972-E152-45A6-BF0F-2F442565A9A9",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3082ED-A564-494D-8427-B61F15F6DD88",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B39851C-29CA-4C74-8A3D-BA8AFB22D889",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A4A4415-2061-4BB3-B8AF-F492B4935F5F",
                     versionEndExcluding: "1.33",
                     versionStartIncluding: "1.00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:-:*:*:*:*:*:*",
                     matchCriteriaId: "D43F6C03-E7EE-43B9-81B7-2B298134A591",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch1:*:*:*:*:*:*",
                     matchCriteriaId: "8872BA61-9164-48EC-8D7B-C41FCE76F32C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch2:*:*:*:*:*:*",
                     matchCriteriaId: "83FD24D6-959A-41D1-B7A3-6D06205EA8C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch3:*:*:*:*:*:*",
                     matchCriteriaId: "CB5660D2-3C80-42CF-B91C-61212B1EA351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch4:*:*:*:*:*:*",
                     matchCriteriaId: "E83EFC74-309F-42BF-A2B5-850184B4BF20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nsg300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "58B0886D-9AF4-453F-96DB-7ABAA5EE3B78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "66EEF757-9B89-4D05-93DC-0B35CB5578AA",
                     versionEndExcluding: "1.33",
                     versionStartIncluding: "1.00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:-:*:*:*:*:*:*",
                     matchCriteriaId: "70DE2243-00D1-4C94-B53B-659F48BAFF08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch1:*:*:*:*:*:*",
                     matchCriteriaId: "E0722C8A-DACE-4FC8-8197-678CF4F6E0C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED9A278-5B95-4607-B832-A2AB7FB8A9A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch3:*:*:*:*:*:*",
                     matchCriteriaId: "DA5E8CF5-C7D8-4827-BE19-AC4EB7E66AC1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch4:*:*:*:*:*:*",
                     matchCriteriaId: "415A2C9A-005A-433D-A423-F5D9CA6C8A19",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nsg100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6C5054F-BCC7-4E00-8786-24F85B2A200E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "734BB40E-9A07-4508-8C49-5A21072691B4",
                     versionEndExcluding: "1.33",
                     versionStartIncluding: "1.00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:-:*:*:*:*:*:*",
                     matchCriteriaId: "E549004C-F19F-4F2D-8522-849C008B2132",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch1:*:*:*:*:*:*",
                     matchCriteriaId: "013AE5DA-537B-4198-A55C-17FD08F7CB9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch2:*:*:*:*:*:*",
                     matchCriteriaId: "E0D0898D-A7C6-441B-A0C8-BA7B5B2E362F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch3:*:*:*:*:*:*",
                     matchCriteriaId: "D8E83137-D14D-4143-8D38-59787AAE36D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch4:*:*:*:*:*:*",
                     matchCriteriaId: "00CB6F78-BA15-489E-BCD8-25CECB8FCBED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nsg50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B084120-41C6-4F3C-9803-9C178EB4DE91",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nxc2500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "099AC2B1-7352-43EC-811A-89937FA1E2E3",
                     versionEndIncluding: "6.10\\(aaig.3\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nxc2500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BADED427-DEFF-4213-836B-C8EF0531C39A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nxc5500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "012B7439-FDDB-464D-8D11-AAAF54E9F59A",
                     versionEndIncluding: "6.10\\(aaos.3\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nxc5500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A334B8B-8750-4519-B485-0AB0CECD212B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nap203_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "00D41E43-D7BA-4927-9966-2847E12270E6",
                     versionEndIncluding: "6.25\\(abfa.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nap203:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80AE2CEA-90AC-421A-86BB-F404CDE7785D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nap303_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "93110B5F-CB02-4413-9588-35B47D7A5CE3",
                     versionEndIncluding: "6.25\\(abex.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nap303:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4BF5D4C-DB8E-4077-BE78-C73AA203406C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nap353_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C44494F9-1ADA-4A3D-8FBA-D0D97C3DACB5",
                     versionEndIncluding: "6.25\\(abey.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nap353:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BCEC13E-3D1C-4B42-87F5-94FE1066C218",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A696580F-3993-4653-B48E-AAB7D1A2B7DC",
                     versionEndIncluding: "6.25\\(abyw.5\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2806A3B3-8F13-4170-B284-8809E3502044",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E809B8FE-DBF8-4B7F-B33E-939750D08617",
                     versionEndIncluding: "6.25\\(abzl.5\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7440976-5CB4-40BE-95C2-98EF4B888109",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "554C9C1E-EE3C-4BD7-95CF-9748167EA691",
                     versionEndIncluding: "6.27\\(accv.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A903978-737E-4266-A670-BC94E32CAF96",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDFAECE0-C011-4488-89A8-249972CA0773",
                     versionEndIncluding: "6.30\\(abtg.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A3F9232-F988-4428-9898-4F536123CE88",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DD8FF80-E4B1-4521-B2D3-B2B4B4049A14",
                     versionEndIncluding: "6.30\\(abtd.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BB129F9-64D8-43C2-9366-51EBDF419F5F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa1123-ac-hd_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF0819A0-7616-467F-BF17-59302EADCA0C",
                     versionEndIncluding: "6.25\\(abin.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa1123-ac-hd:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "27F719D3-0D19-4D92-9570-4B1A48AD5670",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa1123-ac-pro_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "858A8B50-515B-4CD3-B07C-3633EE605CC9",
                     versionEndIncluding: "6.25\\(abhd.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa1123-ac-pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DC66B07-67FB-47F6-B54B-E40BE89F33A9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF0C532C-D263-4EDA-8127-0CE61A02353A",
                     versionEndIncluding: "6.30\\(abvt.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "36C13E7F-2186-4587-83E9-57B05A7147B7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa1302-ac_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9DF9C2-7BD9-456D-8D27-DD6966A0B4AA",
                     versionEndIncluding: "6.25\\(abku.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa1302-ac:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA514BB-B688-4EBD-9530-F5112F7503F6",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa5123-ac-hd_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A775E4A-4672-494E-A5A4-D906180092FA",
                     versionEndIncluding: "6.25\\(abim.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa5123-ac-hd:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1808BC03-AE4E-4AB7-996D-89081808720B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "528A7200-2884-4849-82EC-516A6BAB9DD2",
                     versionEndIncluding: "6.30\\(abwa.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A1FD502-4F62-4C77-B3BC-E563B24F0067",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD646A37-5CE7-4B9D-9F9A-0443F5A35047",
                     versionEndIncluding: "6.30\\(abvs.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C024551-F08F-4152-940D-1CF8BCD79613",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac5302d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC5ABF47-C899-4C1B-AFFB-11F37B2CA1B2",
                     versionEndIncluding: "6.10\\(abfh.10\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac5302d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4AA4FC1-E3E4-499F-B0C1-22B738DA4DA8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac5302d-sv2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "97843B29-E50B-4451-8583-9120A30908D4",
                     versionEndIncluding: "6.25\\(abvz.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac5302d-sv2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A690501F-DC2D-4F90-ABC0-33B5F1279C36",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6103d-i_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DDC631C-0510-4E30-B896-B218ABE618AA",
                     versionEndIncluding: "6.25\\(aaxh.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6103d-i:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "341DB051-7F01-4B36-BA15-EBC25FACB439",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6303d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0126F87D-14E9-402B-975A-FB11855D1E6C",
                     versionEndIncluding: "6.25\\(abgl.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6303d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F08117-0BCE-4EA1-8DA7-1AC4EFF67E2F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6502d-e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5701D95-35AC-489B-8348-E3AC32D1626D",
                     versionEndIncluding: "6.25\\(aasd.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6502d-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD8842C8-FB0A-46F0-9BB4-CAC6334D1E51",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6502d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "00AA8697-6B5D-439C-8E9A-B0B1EBDF1496",
                     versionEndIncluding: "6.25\\(aase.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6502d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD108388-ABE5-4142-910F-C3C8B1C13617",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6503d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7ADC5F9-B1CE-474A-958F-F6267507A5E1",
                     versionEndIncluding: "6.25\\(aasf.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6503d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DFDF64A-17F5-4F05-8700-DCA36CCB6F2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6553d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A467110-CF4D-45CB-8855-EBA5D5985294",
                     versionEndIncluding: "6.25\\(aasg.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6553d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD45FA01-D2BF-441A-8669-1190F79D206B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6552d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "978F6DD8-A04F-4DC0-8497-4F6454FA3235",
                     versionEndIncluding: "6.25\\(abio.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6552d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD47738A-9001-4CC1-8FED-1D1CFC56F548",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F272586C-292F-409C-9BDB-D9D70C0C3D2A",
                     versionEndIncluding: "6.30\\(abtf.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "86B43BD3-CA22-4D81-9281-78A3B23FAC60",
                     versionEndIncluding: "6.30\\(abte.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3518DA0A-2C7B-4979-A457-0826C921B0F0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A26EEF52-DC36-4D5C-9E2F-25238615B2BC",
                     versionEndIncluding: "6.30\\(abzd.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC74AAF9-5206-4CEB-9023-6CD4F38AA623",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AAF35E44-DC87-49EC-868A-C721CC4FFD3B",
                     versionEndIncluding: "6.30\\(abrm.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D784994E-E2CE-4328-B490-D9DC195A53DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de inyección de argumentos en el comando CLI \"packet-trace\" de Zyxel USG/ZyWALL versiones 4.09 hasta 4.71, USG FLEX series versiones 4.50 hasta 5.21, ATP series versiones 4.32 hasta 5.21, VPN series versiones 4.30 hasta 5.21, NSG series versiones 1.00 hasta 1.33 Patch 4, NXC2500 versión de firmware 6.10(AAIG.3) y versiones anteriores, NAP203 versión de firmware 6.25(ABFA.7) y versiones anteriores, NWA50AX versión de firmware 6.25(ABYW.5) y versiones anteriores, WAC500 versión de firmware 6.30(ABVS.2) y versiones anteriores, WAX510D versión de firmware 6.30(ABTF.2) y versiones anteriores, que podría permitir a un atacante local autenticado ejecutar comandos arbitrarios del sistema operativo mediante una inclusión de argumentos diseñados en el comando CLI",
      },
   ],
   id: "CVE-2022-26532",
   lastModified: "2024-11-21T06:54:07.663",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "security@zyxel.com.tw",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-24T06:15:09.390",
   references: [
      {
         source: "security@zyxel.com.tw",
         url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
      },
      {
         source: "security@zyxel.com.tw",
         url: "http://seclists.org/fulldisclosure/2022/Jun/15",
      },
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2022/Jun/15",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-88",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-12-22 22:15
Modified
2024-11-21 05:24
Severity ?
Summary
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the SSH server or web interface with admin privileges.
References
cve@mitre.org | http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf | Broken Link
cve@mitre.org | https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release | Release Notes
cve@mitre.org | https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15 | Release Notes
cve@mitre.org | https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html | Broken Link, Third Party Advisory
cve@mitre.org | https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/ | Exploit, Third Party Advisory
cve@mitre.org | https://www.zyxel.com/support/CVE-2020-29583.shtml | Vendor Advisory
cve@mitre.org | https://www.zyxel.com/support/security_advisories.shtml | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release | Release Notes
af854a3a-2127-422b-91ae-364da2661108 | https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15 | Release Notes
af854a3a-2127-422b-91ae-364da2661108 | https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html | Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/ | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/CVE-2020-29583.shtml | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/security_advisories.shtml | Vendor Advisory



{
   cisaActionDue: "2022-05-03",
   cisaExploitAdd: "2021-11-03",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "660A9038-66FB-4F71-BA50-8ED69C2E2274",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7239C54F-EC9E-44B4-AE33-1D36E5448219",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "E892C61D-80DE-4FA4-9224-1B3C72A31F57",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "06D2AD3A-9197-487D-A267-24DE332CC66B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg40_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "29398F33-D8B4-432D-A075-4454DA1B23F0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg40w_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA146A61-7B27-4E48-87C1-A82F45FB692A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg60_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "14F685CA-FBD9-4A00-BB23-BF914DFE41D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "26900300-1325-4C8A-BC3B-A10233B2462A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg60w_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "022CF987-20A8-4450-A8B8-94AF2F2D453E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg110_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "7540894B-A1EF-40C3-ABD3-D58CDB45622F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg210_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "6556E988-676D-4E7A-BDC2-A53256548FEA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg310_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "56EF63D0-63DD-4EFD-AE7A-5680710AE573",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg1100_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "8451A4C8-2023-41A4-81A9-91565CEC6918",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg1900_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "7391C72E-CAB3-4FAD-9FB6-789F48516C26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60F4E816-C4D3-451A-965C-45387D7DEB5B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg2200_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3B7B49D-7DB2-4D44-AC55-6B1F828B512D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall110_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "52922CA2-1C1E-4972-A52E-D9FA84BCC4C1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2347F91E-8AA3-4EB5-AD7F-7602A46C20BD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall310_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9336382-E759-4869-9B59-57366E176CA2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A97613C-26EF-481E-9215-197FE7A9D1C6",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall1100_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "271DE232-FAED-48A1-891C-33A6FDBA9EAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53A5732E-193B-4017-A434-A76BE80E20D9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DC9FE97-6B7D-41E8-879C-572B23CB1105",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100w_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "61489A79-AAF5-4347-9E10-73F139D30EE2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp200_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB876002-669D-4052-B1B0-DA8F0B4EC500",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp500_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E6231DF-ADB3-43A9-AC3B-C72905584B05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp700_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEDC5E3D-2103-4545-8611-B1C49B4B5BAB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp800_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "246B2EF8-6412-4E69-91A5-B394BF4D299F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn50_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6A568BA-58D3-400C-9742-8E966C90D83E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn100_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "65E48F65-A408-4A93-BBBC-44D5054D9841",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn300_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B2E5F78-7F7B-46BA-A7B1-0A49F4A6509D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "E39AE158-E577-403B-867E-CCD5F8EE5FC5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "14484416-6575-4E23-96A7-F37936F75BAB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0597006-8FA7-4622-9C13-AFE9767CADE5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "28D39C78-DD5A-47FB-9590-B79AABA1038B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "438B93F0-7CBF-49E9-B556-CFEFE2E6EED0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:4.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "414BCC73-277B-48FD-8273-B33A780806D0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.",
      },
      {
         lang: "es",
         value: "La versión de firmware 4.60 de los dispositivos Zyxel USG contiene una cuenta no documentada (zyfwp) con una contraseña que no puede ser cambiada. La contraseña para esta cuenta se puede encontrar en texto sin cifrar en el firmware. Esta cuenta puede ser usada por alguien para iniciar sesión en el servidor ssh o en la interfaz web con privilegios de administrador",
      },
   ],
   id: "CVE-2020-29583",
   lastModified: "2024-11-21T05:24:15.697",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-12-22T22:15:14.443",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
         ],
         url: "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/CVE-2020-29583.shtml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/security_advisories.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
         ],
         url: "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/CVE-2020-29583.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/security_advisories.shtml",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-522",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-04 20:15
Modified
2024-11-21 05:39
Severity ?
Summary
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0, NAS520 before firmware V5.21(AASZ.3)C0, NAS540 before firmware V5.21(AATB.4)C0, and NAS542 before firmware V5.21(ABAG.4)C0. ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2.



{
   cisaActionDue: "2022-04-15",
   cisaExploitAdd: "2022-03-25",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Zyxel Multiple NAS Devices OS Command Injection Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FEC76CA-9F2C-4A44-93C5-C131E68B9A5E",
                     versionEndExcluding: "5.21\\(aazf.7\\)c0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0A01B19-4A91-4FBC-8447-2E854346DAC5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nas520_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "09DE98E7-CE8E-4F45-9F1E-4A4345FBD443",
                     versionEndExcluding: "5.21\\(aasz.3\\)c0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nas520:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B2BA3D-40F0-4D59-8838-B226FAABF27E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "511D5E0C-9110-4505-8DC6-5C06A10CBC20",
                     versionEndExcluding: "5.21\\(aatb.4\\)c0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2F7264C-D32A-4EE9-BADC-78518D762BCA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "608792D0-44B3-4A07-A48C-D3D71F26056D",
                     versionEndExcluding: "5.21\\(abag.4\\)c0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B482F4E-6E1B-45BD-A114-C389E2CD7542",
                     versionEndExcluding: "4.35\\(abps.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DE3AD47-1C82-4B8B-87F4-E545A7DAFE5C",
                     versionEndExcluding: "4.35\\(abfw.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "352E7F31-76DB-4786-BCC0-E11F43550EB1",
                     versionEndExcluding: "4.35\\(abfu.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "92E70F0C-D446-47B2-809B-D4680DAF13FC",
                     versionEndExcluding: "4.35\\(abiq.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB019CF4-75AA-4CB0-BA44-42BE620C03B3",
                     versionEndExcluding: "4.35\\(abaq.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7239C54F-EC9E-44B4-AE33-1D36E5448219",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C621E3-DD7D-4FD0-AD1F-6D7BFDCA38F7",
                     versionEndExcluding: "4.35\\(abar.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "06D2AD3A-9197-487D-A267-24DE332CC66B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E638CFB-A13D-429D-A8E7-275959673ED6",
                     versionEndExcluding: "4.35\\(aala.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB73D7EE-6A50-4DA5-B9A3-36E39244FF23",
                     versionEndExcluding: "4.35\\(aalb.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0906F3FA-793B-421D-B957-7E9C18C1AEC0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1183A743-F349-4D93-8943-C80F8976A2BE",
                     versionEndExcluding: "4.35\\(aaky.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "26900300-1325-4C8A-BC3B-A10233B2462A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F0D184B-31BB-4808-AF97-03599283F181",
                     versionEndExcluding: "4.35\\(aakz.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5A7555E-BC29-460C-A701-7DCDEAFE67F3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg110_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8598C1A4-10CE-4092-9339-217AA27FF14D",
                     versionEndExcluding: "4.35\\(aaph.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B42E5510-F6BB-40DA-8115-4D324DDCF5B2",
                     versionEndExcluding: "4.35\\(aapi.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE7E2A7-3083-4AB7-ABA8-9EE8585DA1C1",
                     versionEndExcluding: "4.35\\(aapj.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg1100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCDB08DB-DFBD-4A3C-86FD-5383D4B60248",
                     versionEndExcluding: "4.35\\(aapk.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B68C4BD-3279-47AB-AC2A-7555163B12E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg1900_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAED492E-9FDD-4F6F-91E0-6EDA3036C725",
                     versionEndExcluding: "4.35\\(aapl.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60F4E816-C4D3-451A-965C-45387D7DEB5B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A54DCF88-38E3-4660-ABC2-829B2DA5C445",
                     versionEndExcluding: "4.35\\(abae.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FFB5E9D-75AD-4696-8EDF-A7726B5F2809",
                     versionEndExcluding: "4.35\\(abhl.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E5C5E12-CDDB-4DDF-AAA8-4AB499F5925F",
                     versionEndExcluding: "4.35\\(abfv.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0120A42B-EA67-44DC-BE04-FECF0279187C",
                     versionEndExcluding: "4.35\\(abfc.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A71B4358-0E6F-496E-BFCF-0B368CBD1D09",
                     versionEndExcluding: "4.35\\(abip.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall110_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "025A43D2-42C3-4AEC-9C2E-61BAEB428545",
                     versionEndExcluding: "4.35\\(aaaa.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2347F91E-8AA3-4EB5-AD7F-7602A46C20BD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FB2E4BB-5684-4081-B9BA-80808E8ADD6F",
                     versionEndExcluding: "4.35\\(aaab.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A97613C-26EF-481E-9215-197FE7A9D1C6",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:zywall1100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "536BDA9F-4A29-4C59-8C39-F54794BE3026",
                     versionEndExcluding: "4.35\\(aaac.3\\)c0",
                     versionStartIncluding: "4.35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:zywall1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "53A5732E-193B-4017-A434-A76BE80E20D9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0, NAS520 before firmware V5.21(AASZ.3)C0, NAS540 before firmware V5.21(AATB.4)C0, NAS542 before firmware V5.21(ABAG.4)C0. ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2.",
      },
      {
         lang: "es",
         value: "Múltiples dispositivos network-attached storage (NAS) de ZyXEL cuando ejecutan la versión de firmware 5.21 contienen una vulnerabilidad de inyección de comando previa a la autenticación, que puede permitir a un atacante remoto no autenticado ejecutar código arbitrario sobre un dispositivo vulnerable. Los dispositivos NAS de ZyXEL alcanzan la autenticación utilizando el archivo ejecutable CGI weblogin.cgi. Este programa no puede sanear apropiadamente el parámetro username que se le pasó. Si el parámetro de username contiene determinados caracteres, puede permitir una inyección de comandos con los privilegios del servidor web que se ejecuta en el dispositivo ZyXEL. Aunque el servidor web no es ejecutado como el usuario root, los dispositivos ZyXEL incluyen una utilidad setuid que puede ser aprovechada para ejecutar cualquier comando con privilegios root. Como tal, se debe suponer que la explotación de esta vulnerabilidad puede conducir a la ejecución remota de código con privilegios root. Mediante el envío de una petición HTTP POST o GET especialmente diseñada hacia un dispositivo ZyXEL vulnerable, un atacante remoto no autenticado puede ejecutar código arbitrario en el dispositivo. Esto puede presentarse al conectar directamente a un dispositivo si es expuesto directamente a un atacante. Sin embargo, existen maneras de activar tales peticiones diseñadas inclusive si un atacante no posee conectividad directa con dispositivos vulnerables. Por ejemplo, simplemente visitando un sitio web puede comprometer cualquier dispositivo ZyXEL al que se pueda acceder desde el sistema cliente. Los productos afectados incluyen: NAS326 antes de la versión de firmware V5.21(AAZF.7)C0, NAS520 antes de la versión de firmware V5.21(AASZ.3)C0, NAS540 antes de la versión de firmware V5.21(AATB.4)C0 NAS542 antes de la versión de firmware V5.21(ABAG.4)C0. ZyXEL ha puesto a disposición actualizaciones de firmware para dispositivos NAS326, NAS520, NAS540 y NAS542. Modelos afectados que se encuentran en el final del soporte: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 y NSA325v2.",
      },
   ],
   id: "CVE-2020-9054",
   lastModified: "2024-11-21T05:39:54.583",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-04T20:15:10.750",
   references: [
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cwe.mitre.org/data/definitions/78.html",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://kb.cert.org/artifacts/cve-2020-9054.html",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://kb.cert.org/vuls/id/498544/",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cwe.mitre.org/data/definitions/78.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://kb.cert.org/artifacts/cve-2020-9054.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://kb.cert.org/vuls/id/498544/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml",
      },
   ],
   sourceIdentifier: "cret@cert.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "cret@cert.org",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-24 06:15
Modified
2024-11-21 06:54
Summary
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
Impacted products
Vendor Product Version
zyxel vpn100_firmware *
zyxel vpn100 -
zyxel vpn1000_firmware *
zyxel vpn1000 -
zyxel vpn300_firmware *
zyxel vpn300 -
zyxel vpn50_firmware *
zyxel vpn50 -
zyxel atp100_firmware *
zyxel atp100 -
zyxel atp100w_firmware *
zyxel atp100w -
zyxel atp200_firmware *
zyxel atp200 -
zyxel atp500_firmware *
zyxel atp500 -
zyxel atp700_firmware *
zyxel atp700 -
zyxel atp800_firmware *
zyxel atp800 -
zyxel usg_110_firmware *
zyxel usg_110 -
zyxel usg_1100_firmware *
zyxel usg_1100 -
zyxel usg_1900_firmware *
zyxel usg_1900 -
zyxel usg_20w_firmware *
zyxel usg_20w -
zyxel usg_20w-vpn_firmware *
zyxel usg_20w-vpn -
zyxel usg_2200-vpn_firmware *
zyxel usg_2200-vpn -
zyxel usg_310_firmware *
zyxel usg_310 -
zyxel usg_40_firmware *
zyxel usg_40 -
zyxel usg_40w_firmware *
zyxel usg_40w -
zyxel usg_60_firmware *
zyxel usg_60 -
zyxel usg_60w_firmware *
zyxel usg_60w -
zyxel usg_flex_100_firmware *
zyxel usg_flex_100 -
zyxel usg_flex_100w_firmware *
zyxel usg_flex_100w -
zyxel usg_flex_200_firmware *
zyxel usg_flex_200 -
zyxel usg_flex_500_firmware *
zyxel usg_flex_500 -
zyxel usg_flex_700_firmware *
zyxel usg_flex_700 -
zyxel usg200_firmware *
zyxel usg200 -
zyxel usg20_firmware *
zyxel usg20 -
zyxel usg210_firmware *
zyxel usg210 -
zyxel usg2200_firmware *
zyxel usg2200 -
zyxel usg300_firmware *
zyxel usg300 -
zyxel usg310_firmware *
zyxel usg310 -
zyxel nsg300_firmware *
zyxel nsg300_firmware 1.33 (no patch)
zyxel nsg300_firmware 1.33 patch1
zyxel nsg300_firmware 1.33 patch2
zyxel nsg300_firmware 1.33 patch3
zyxel nsg300_firmware 1.33 patch4
zyxel nsg300 -
zyxel nsg100_firmware *
zyxel nsg100_firmware 1.33
zyxel nsg100_firmware 1.33
zyxel nsg100_firmware 1.33
zyxel nsg100_firmware 1.33
zyxel nsg100_firmware 1.33
zyxel nsg100 -
zyxel nsg50_firmware *
zyxel nsg50_firmware 1.33
zyxel nsg50_firmware 1.33
zyxel nsg50_firmware 1.33
zyxel nsg50_firmware 1.33
zyxel nsg50_firmware 1.33
zyxel nsg50 -
zyxel nxc2500_firmware *
zyxel nxc2500 -
zyxel nxc5500_firmware *
zyxel nxc5500 -
zyxel nap203_firmware *
zyxel nap203 -
zyxel nap303_firmware *
zyxel nap303 -
zyxel nap353_firmware *
zyxel nap353 -
zyxel nwa50ax_firmware *
zyxel nwa50ax -
zyxel nwa55axe_firmware *
zyxel nwa55axe -
zyxel nwa90ax_firmware *
zyxel nwa90ax -
zyxel nwa110ax_firmware *
zyxel nwa110ax -
zyxel nwa210ax_firmware *
zyxel nwa210ax -
zyxel nwa1123-ac-hd_firmware *
zyxel nwa1123-ac-hd -
zyxel nwa1123-ac-pro_firmware *
zyxel nwa1123-ac-pro -
zyxel nwa1123acv3_firmware *
zyxel nwa1123acv3 -
zyxel nwa1302-ac_firmware *
zyxel nwa1302-ac -
zyxel nwa5123-ac-hd_firmware *
zyxel nwa5123-ac-hd -
zyxel wac500h_firmware *
zyxel wac500h -
zyxel wac500_firmware *
zyxel wac500 -
zyxel wac5302d-s_firmware *
zyxel wac5302d-s -
zyxel wac5302d-sv2_firmware *
zyxel wac5302d-sv2 -
zyxel wac6103d-i_firmware *
zyxel wac6103d-i -
zyxel wac6303d-s_firmware *
zyxel wac6303d-s -
zyxel wac6502d-e_firmware *
zyxel wac6502d-e -
zyxel wac6502d-s_firmware *
zyxel wac6502d-s -
zyxel wac6503d-s_firmware *
zyxel wac6503d-s -
zyxel wac6553d-s_firmware *
zyxel wac6553d-s -
zyxel wac6552d-s_firmware *
zyxel wac6552d-s -
zyxel wax510d_firmware *
zyxel wax510d -
zyxel wax610d_firmware *
zyxel wax610d -
zyxel wax630s_firmware *
zyxel wax630s -
zyxel wax650s_firmware *
zyxel wax650s -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "286FA4D2-DD37-4EFD-BCC4-98791B7E4F74",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "441EB008-4265-4569-A7B0-A5CAF0CA6B70",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFF1F98B-2B0C-46C6-AE43-EB652BA0800C",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B6387BE-5DED-4D27-AACC-1F42DCB90A40",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.30",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D636401-CD8D-4D2C-9BEA-1C6F96D2FEA6",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD3684E5-F119-4BD9-A29A-C35C293BC058",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC4992F-FF30-44E8-9041-4BA082D3549B",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "071225C7-8311-4C89-9633-AE5DB4800B01",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABF7A7FD-95D3-4343-9CE2-DFF8DBE8D125",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D952940F-FFEF-4480-9BD8-5E7CB1C27B2E",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_110_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "55B9C186-0EF6-457D-A865-93BEE28C03DB",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7E32879-01A2-49B1-A354-068CEB1CA3A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_1100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D64DDA0B-FB12-49DA-818A-77D61B6328EB",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_1900_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F944352D-3F2E-4E67-9B0C-FCA488F49FDB",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92CE6F04-403B-4A52-A3A5-DD0190CF15D9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18A8D2A1-CA75-4DAE-8C78-67E2588AD037",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC6943C7-8559-414D-9A6A-865EEFBF223C",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0597A0E-9416-4D2E-BAF5-BEFAAE1BB93E",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B139EC4B-07CA-4D2C-8FBB-5C03F67ED169",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38B7995C-80E0-413B-9F2C-387EF3703927",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "07F551AE-EB73-4B97-AFBA-23A201FBAA02",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D84DDB81-DE66-4427-8833-633B45A45A14",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E469A8A0-D909-4713-ABA8-F2589452E193",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F11F36C-60DB-4D81-A320-53EEE43758C1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "25670F1E-F6BA-4B2C-957F-4DCF1B112DBD",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C65DB5E9-2FE3-4807-970E-A42FDF82B50E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "095FB855-F923-41C8-A3C7-E252FCD57EB5",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "82864EF6-B63D-4947-A18C-AE0156CCA7FA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "19D358C5-E3CE-4362-94C2-6C8715AB9D54",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B18C8637-E459-482F-B977-7BA1A3D99CA7",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0015FD08-61BF-4022-9F84-12010EA1D5A9",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E4B752C-2CAD-4A72-9660-27B57B3EB7FC",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39FCAC29-3FD8-49DF-A216-3393D9724DA7",
                     versionEndIncluding: "5.21",
                     versionStartIncluding: "4.50",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11A390EA-14B4-4A83-9215-2A8EEF10A564",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F7F15F3-9A55-462F-8AE3-EE71B759DE68",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F4C6D9E-87AB-4BEB-A9CF-EA767FC25437",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F5C3A2C-12EA-4FAE-B088-665A90494685",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "96C73B83-E2B8-402A-BC4F-4044D16F6D2C",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C95C785-5428-405C-A1DE-1E2202556178",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB666972-E152-45A6-BF0F-2F442565A9A9",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3082ED-A564-494D-8427-B61F15F6DD88",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B39851C-29CA-4C74-8A3D-BA8AFB22D889",
                     versionEndIncluding: "4.71",
                     versionStartIncluding: "4.09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A4A4415-2061-4BB3-B8AF-F492B4935F5F",
                     versionEndExcluding: "1.33",
                     versionStartIncluding: "1.00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:-:*:*:*:*:*:*",
                     matchCriteriaId: "D43F6C03-E7EE-43B9-81B7-2B298134A591",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch1:*:*:*:*:*:*",
                     matchCriteriaId: "8872BA61-9164-48EC-8D7B-C41FCE76F32C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch2:*:*:*:*:*:*",
                     matchCriteriaId: "83FD24D6-959A-41D1-B7A3-6D06205EA8C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch3:*:*:*:*:*:*",
                     matchCriteriaId: "CB5660D2-3C80-42CF-B91C-61212B1EA351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch4:*:*:*:*:*:*",
                     matchCriteriaId: "E83EFC74-309F-42BF-A2B5-850184B4BF20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nsg300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "58B0886D-9AF4-453F-96DB-7ABAA5EE3B78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "66EEF757-9B89-4D05-93DC-0B35CB5578AA",
                     versionEndExcluding: "1.33",
                     versionStartIncluding: "1.00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:-:*:*:*:*:*:*",
                     matchCriteriaId: "70DE2243-00D1-4C94-B53B-659F48BAFF08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch1:*:*:*:*:*:*",
                     matchCriteriaId: "E0722C8A-DACE-4FC8-8197-678CF4F6E0C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED9A278-5B95-4607-B832-A2AB7FB8A9A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch3:*:*:*:*:*:*",
                     matchCriteriaId: "DA5E8CF5-C7D8-4827-BE19-AC4EB7E66AC1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch4:*:*:*:*:*:*",
                     matchCriteriaId: "415A2C9A-005A-433D-A423-F5D9CA6C8A19",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nsg100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6C5054F-BCC7-4E00-8786-24F85B2A200E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "734BB40E-9A07-4508-8C49-5A21072691B4",
                     versionEndExcluding: "1.33",
                     versionStartIncluding: "1.00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:-:*:*:*:*:*:*",
                     matchCriteriaId: "E549004C-F19F-4F2D-8522-849C008B2132",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch1:*:*:*:*:*:*",
                     matchCriteriaId: "013AE5DA-537B-4198-A55C-17FD08F7CB9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch2:*:*:*:*:*:*",
                     matchCriteriaId: "E0D0898D-A7C6-441B-A0C8-BA7B5B2E362F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch3:*:*:*:*:*:*",
                     matchCriteriaId: "D8E83137-D14D-4143-8D38-59787AAE36D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch4:*:*:*:*:*:*",
                     matchCriteriaId: "00CB6F78-BA15-489E-BCD8-25CECB8FCBED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nsg50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B084120-41C6-4F3C-9803-9C178EB4DE91",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nxc2500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "099AC2B1-7352-43EC-811A-89937FA1E2E3",
                     versionEndIncluding: "6.10\\(aaig.3\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nxc2500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BADED427-DEFF-4213-836B-C8EF0531C39A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nxc5500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "012B7439-FDDB-464D-8D11-AAAF54E9F59A",
                     versionEndIncluding: "6.10\\(aaos.3\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nxc5500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A334B8B-8750-4519-B485-0AB0CECD212B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nap203_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "00D41E43-D7BA-4927-9966-2847E12270E6",
                     versionEndIncluding: "6.25\\(abfa.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nap203:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80AE2CEA-90AC-421A-86BB-F404CDE7785D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nap303_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "93110B5F-CB02-4413-9588-35B47D7A5CE3",
                     versionEndIncluding: "6.25\\(abex.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nap303:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4BF5D4C-DB8E-4077-BE78-C73AA203406C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nap353_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C44494F9-1ADA-4A3D-8FBA-D0D97C3DACB5",
                     versionEndIncluding: "6.25\\(abey.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nap353:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BCEC13E-3D1C-4B42-87F5-94FE1066C218",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A696580F-3993-4653-B48E-AAB7D1A2B7DC",
                     versionEndIncluding: "6.25\\(abyw.5\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2806A3B3-8F13-4170-B284-8809E3502044",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E809B8FE-DBF8-4B7F-B33E-939750D08617",
                     versionEndIncluding: "6.25\\(abzl.5\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7440976-5CB4-40BE-95C2-98EF4B888109",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "554C9C1E-EE3C-4BD7-95CF-9748167EA691",
                     versionEndIncluding: "6.27\\(accv.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A903978-737E-4266-A670-BC94E32CAF96",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDFAECE0-C011-4488-89A8-249972CA0773",
                     versionEndIncluding: "6.30\\(abtg.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A3F9232-F988-4428-9898-4F536123CE88",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DD8FF80-E4B1-4521-B2D3-B2B4B4049A14",
                     versionEndIncluding: "6.30\\(abtd.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BB129F9-64D8-43C2-9366-51EBDF419F5F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa1123-ac-hd_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF0819A0-7616-467F-BF17-59302EADCA0C",
                     versionEndIncluding: "6.25\\(abin.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa1123-ac-hd:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "27F719D3-0D19-4D92-9570-4B1A48AD5670",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa1123-ac-pro_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "858A8B50-515B-4CD3-B07C-3633EE605CC9",
                     versionEndIncluding: "6.25\\(abhd.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa1123-ac-pro:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DC66B07-67FB-47F6-B54B-E40BE89F33A9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF0C532C-D263-4EDA-8127-0CE61A02353A",
                     versionEndIncluding: "6.30\\(abvt.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "36C13E7F-2186-4587-83E9-57B05A7147B7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa1302-ac_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A9DF9C2-7BD9-456D-8D27-DD6966A0B4AA",
                     versionEndIncluding: "6.25\\(abku.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa1302-ac:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA514BB-B688-4EBD-9530-F5112F7503F6",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:nwa5123-ac-hd_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A775E4A-4672-494E-A5A4-D906180092FA",
                     versionEndIncluding: "6.25\\(abim.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:nwa5123-ac-hd:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1808BC03-AE4E-4AB7-996D-89081808720B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "528A7200-2884-4849-82EC-516A6BAB9DD2",
                     versionEndIncluding: "6.30\\(abwa.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A1FD502-4F62-4C77-B3BC-E563B24F0067",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD646A37-5CE7-4B9D-9F9A-0443F5A35047",
                     versionEndIncluding: "6.30\\(abvs.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C024551-F08F-4152-940D-1CF8BCD79613",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac5302d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC5ABF47-C899-4C1B-AFFB-11F37B2CA1B2",
                     versionEndIncluding: "6.10\\(abfh.10\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac5302d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4AA4FC1-E3E4-499F-B0C1-22B738DA4DA8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac5302d-sv2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "97843B29-E50B-4451-8583-9120A30908D4",
                     versionEndIncluding: "6.25\\(abvz.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac5302d-sv2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A690501F-DC2D-4F90-ABC0-33B5F1279C36",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6103d-i_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DDC631C-0510-4E30-B896-B218ABE618AA",
                     versionEndIncluding: "6.25\\(aaxh.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6103d-i:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "341DB051-7F01-4B36-BA15-EBC25FACB439",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6303d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0126F87D-14E9-402B-975A-FB11855D1E6C",
                     versionEndIncluding: "6.25\\(abgl.6\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6303d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F08117-0BCE-4EA1-8DA7-1AC4EFF67E2F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6502d-e_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5701D95-35AC-489B-8348-E3AC32D1626D",
                     versionEndIncluding: "6.25\\(aasd.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6502d-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD8842C8-FB0A-46F0-9BB4-CAC6334D1E51",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6502d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "00AA8697-6B5D-439C-8E9A-B0B1EBDF1496",
                     versionEndIncluding: "6.25\\(aase.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6502d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD108388-ABE5-4142-910F-C3C8B1C13617",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6503d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7ADC5F9-B1CE-474A-958F-F6267507A5E1",
                     versionEndIncluding: "6.25\\(aasf.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6503d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DFDF64A-17F5-4F05-8700-DCA36CCB6F2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6553d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A467110-CF4D-45CB-8855-EBA5D5985294",
                     versionEndIncluding: "6.25\\(aasg.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6553d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD45FA01-D2BF-441A-8669-1190F79D206B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wac6552d-s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "978F6DD8-A04F-4DC0-8497-4F6454FA3235",
                     versionEndIncluding: "6.25\\(abio.7\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wac6552d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD47738A-9001-4CC1-8FED-1D1CFC56F548",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F272586C-292F-409C-9BDB-D9D70C0C3D2A",
                     versionEndIncluding: "6.30\\(abtf.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "86B43BD3-CA22-4D81-9281-78A3B23FAC60",
                     versionEndIncluding: "6.30\\(abte.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3518DA0A-2C7B-4979-A457-0826C921B0F0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A26EEF52-DC36-4D5C-9E2F-25238615B2BC",
                     versionEndIncluding: "6.30\\(abzd.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC74AAF9-5206-4CEB-9023-6CD4F38AA623",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AAF35E44-DC87-49EC-868A-C721CC4FFD3B",
                     versionEndIncluding: "6.30\\(abrm.2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D784994E-E2CE-4328-B490-D9DC195A53DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.",
      },
      {
         lang: "es",
         value: "Se han identificado varios fallos de comprobación de entrada inadecuados en algunos comandos CLI de las Zyxel USG/ZyWALL versiones de firmware 4.09 hasta 4.71, USG FLEX series versiones de firmware 4.50 hasta 5.21, ATP series versiones de firmware 4.32 hasta 5.21, VPN series versiones de firmware 4.30 a 5.21, NSG series versiones de firmware 1.00 hasta 1.33 Patch 4, NXC2500 versión de firmware 6.10(AAIG.3) y versiones anteriores, el firmware NAP203 versión 6.25(ABFA.7) y versiones anteriores, NWA50AX versión de firmware 6.25(ABYW.5) y versiones anteriores, WAC500 versión de firmware 6.30(ABVS.2) y versiones anteriores, WAX510D versión de firmware 6.30(ABTF.2) y versiones anteriores, que podría permitir a un atacante local autenticado causar un desbordamiento del búfer o un bloqueo del sistema por medio de una carga útil diseñada.",
      },
   ],
   id: "CVE-2022-26531",
   lastModified: "2024-11-21T06:54:07.470",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 4.2,
            source: "security@zyxel.com.tw",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-05-24T06:15:09.297",
   references: [
      {
         source: "security@zyxel.com.tw",
         url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
      },
      {
         source: "security@zyxel.com.tw",
         url: "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html",
      },
      {
         source: "security@zyxel.com.tw",
         url: "http://seclists.org/fulldisclosure/2022/Jun/15",
      },
      {
         source: "security@zyxel.com.tw",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2022/Jun/15",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml",
      },
   ],
   sourceIdentifier: "security@zyxel.com.tw",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "security@zyxel.com.tw",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}