Vulnerabilites related to zyxel - usg2200_firmware
cve-2022-26532
Vulnerability from cvelistv5
Published
2022-05-24 05:20
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
References
▼ | URL | Tags |
---|---|---|
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2022/Jun/15 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Zyxel | USG/ZyWALL series firmware |
Version: 4.09 through 4.71 |
||||||||||||||||||||||||||||||||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:03:32.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, { name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Jun/15", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "USG/ZyWALL series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.09 through 4.71", }, ], }, { product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.50 through 5.21", }, ], }, { product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.32 through 5.21", }, ], }, { product: "VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.30 through 5.21", }, ], }, { product: "NSG series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "1.00 through 1.33 Patch 4", }, ], }, { product: "NXC2500 firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.10(AAIG.3)", }, ], }, { product: "NAP203 firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.25(ABFA.7)", }, ], }, { product: "NWA50AX firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.25(ABYW.5)", }, ], }, { product: "WAC500 firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.30(ABVS.2)", }, ], }, { product: "WAX510D firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.30(ABTF.2)", }, ], }, ], descriptions: [ { lang: "en", value: "A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-88", description: "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-19T18:06:10", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, { name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2022/Jun/15", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@zyxel.com.tw", ID: "CVE-2022-26532", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "USG/ZyWALL series firmware", version: { version_data: [ { version_value: "4.09 through 4.71", }, ], }, }, { product_name: "USG FLEX series firmware", version: { version_data: [ { version_value: "4.50 through 5.21", }, ], }, }, { product_name: "ATP series firmware", version: { version_data: [ { version_value: "4.32 through 5.21", }, ], }, }, { product_name: "VPN series firmware", version: { version_data: [ { version_value: "4.30 through 5.21", }, ], }, }, { product_name: "NSG series firmware", version: { version_data: [ { version_value: "1.00 through 1.33 Patch 4", }, ], }, }, { product_name: "NXC2500 firmware", version: { version_data: [ { version_value: "<= 6.10(AAIG.3)", }, ], }, }, { product_name: "NAP203 firmware", version: { version_data: [ { version_value: "<= 6.25(ABFA.7)", }, ], }, }, { product_name: "NWA50AX firmware", version: { version_data: [ { version_value: "<= 6.25(ABYW.5)", }, ], }, }, { product_name: "WAC500 firmware", version: { version_data: [ { version_value: "<= 6.30(ABVS.2)", }, ], }, }, { product_name: "WAX510D firmware", version: { version_data: [ { version_value: "<= 6.30(ABTF.2)", }, ], }, }, ], }, vendor_name: "Zyxel", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.", }, ], }, impact: { cvss: { baseScore: "7.8", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", refsource: "CONFIRM", url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, { name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2022/Jun/15", }, { name: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2022-26532", datePublished: "2022-05-24T05:20:09", dateReserved: "2022-03-07T00:00:00", dateUpdated: "2024-08-03T05:03:32.963Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0734
Vulnerability from cvelistv5
Published
2022-05-24 02:10
Modified
2024-08-02 23:40
Severity ?
EPSS score ?
Summary
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.
References
▼ | URL | Tags |
---|---|---|
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Zyxel | USG/ZyWALL series firmware |
Version: 4.35 through 4.70 |
||||||||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:40:03.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "USG/ZyWALL series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.35 through 4.70", }, ], }, { product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.50 through 5.20", }, ], }, { product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.35 through 5.20", }, ], }, { product: "VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.35 through 5.20", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-24T02:10:12", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@zyxel.com.tw", ID: "CVE-2022-0734", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "USG/ZyWALL series firmware", version: { version_data: [ { version_value: "4.35 through 4.70", }, ], }, }, { product_name: "USG FLEX series firmware", version: { version_data: [ { version_value: "4.50 through 5.20", }, ], }, }, { product_name: "ATP series firmware", version: { version_data: [ { version_value: "4.35 through 5.20", }, ], }, }, { product_name: "VPN series firmware", version: { version_data: [ { version_value: "4.35 through 5.20", }, ], }, }, ], }, vendor_name: "Zyxel", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.", }, ], }, impact: { cvss: { baseScore: "5.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", refsource: "CONFIRM", url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2022-0734", datePublished: "2022-05-24T02:10:12", dateReserved: "2022-02-23T00:00:00", dateUpdated: "2024-08-02T23:40:03.547Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-9054
Vulnerability from cvelistv5
Published
2020-03-04 19:30
Modified
2024-09-16 17:14
Severity ?
EPSS score ?
Summary
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2
References
▼ | URL | Tags |
---|---|---|
https://cwe.mitre.org/data/definitions/78.html | x_refsource_MISC | |
https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml | x_refsource_CONFIRM | |
https://kb.cert.org/vuls/id/498544/ | third-party-advisory, x_refsource_CERT-VN | |
https://kb.cert.org/artifacts/cve-2020-9054.html | x_refsource_MISC | |
https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ZyXEL | NAS326 |
Version: V5.21(AAZF.7)C0 < |
||||||||||||||||||||||||||||||||||||||||||||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:19:19.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cwe.mitre.org/data/definitions/78.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml", }, { name: "VU#498544", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://kb.cert.org/vuls/id/498544/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.cert.org/artifacts/cve-2020-9054.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NAS326", vendor: "ZyXEL", versions: [ { lessThanOrEqual: "V5.21(AAZF.7)C0", status: "affected", version: "V5.21(AAZF.7)C0", versionType: "custom", }, ], }, { product: "NAS520", vendor: "ZyXEL", versions: [ { lessThanOrEqual: "V5.21(AASZ.3)C0", status: "affected", version: "V5.21(AASZ.3)C0", versionType: "custom", }, ], }, { product: "NAS540", vendor: "ZyXEL", versions: [ { lessThanOrEqual: "V5.21(AATB.4)C0", status: "affected", version: "V5.21(AATB.4)C0", versionType: "custom", }, ], }, { product: "NAS542", vendor: "ZyXEL", versions: [ { lessThanOrEqual: "V5.21(ABAG.4)C0", status: "affected", version: "V5.21(ABAG.4)C0", versionType: "custom", }, ], }, { product: "NSA210", vendor: "ZyXEL", versions: [ { status: "affected", version: "all", }, ], }, { product: "NSA220", vendor: "ZyXEL", versions: [ { status: "affected", version: "all", }, ], }, { product: "NSA220+", vendor: "ZyXEL", versions: [ { status: "affected", version: "all", }, ], }, { product: "NSA221", vendor: "ZyXEL", versions: [ { status: "affected", version: "all", }, ], }, { product: "NSA310", vendor: "ZyXEL", versions: [ { lessThanOrEqual: "V4.75(AALH.2)C0", status: "affected", version: "V4.75(AALH.2)C0", versionType: "custom", }, ], }, { product: "NSA320", vendor: "ZyXEL", versions: [ { status: "affected", version: "all", }, ], }, { product: "NSA320S", vendor: "ZyXEL", versions: [ { lessThanOrEqual: "V4.75(AANV.2)C0", status: "affected", version: "V4.75(AANV.2)C0", versionType: "custom", }, ], }, { product: "NSA325", vendor: "ZyXEL", versions: [ { lessThanOrEqual: "V4.81(AAAJ.1)C0", status: "affected", version: "V4.81(AAAJ.1)C0", versionType: "custom", }, ], }, { product: "NSA325v2", vendor: "ZyXEL", versions: [ { lessThanOrEqual: "V4.81(AALS.1)C0", status: "affected", version: "V4.81(AALS.1)C0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Thanks to Alex Holden of Hold Security for finding and reporting this vulnerability.", }, ], datePublic: "2020-02-20T00:00:00", descriptions: [ { lang: "en", value: "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2", }, ], exploits: [ { lang: "en", value: "https://kb.cert.org/artifacts/cve-2020-9054.html", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 OS Command Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-04T19:30:18", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cwe.mitre.org/data/definitions/78.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml", }, { name: "VU#498544", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://kb.cert.org/vuls/id/498544/", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.cert.org/artifacts/cve-2020-9054.html", }, { tags: [ "x_refsource_MISC", ], url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/", }, ], solutions: [ { lang: "en", value: "ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, NAS542, ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100 devices.", }, ], source: { discovery: "UNKNOWN", }, title: "ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi", workarounds: [ { lang: "en", value: "Block access to the ZyXEL device web interface:\n\nThis issue can be mitigated by blocking (for example with a firewall) access to the web interface (80/tcp and 443/tcp) of any vulnerable ZyXEL device. Any machine that can access the ZyXEL web interface should not also be able to access the internet.\n\nRestrict access to vulnerable ZyXEL devices:\n\nDirect exploitation of this vulnerability can be mitigated by restricting access to vulnerable devices. In particular, do not expose such devices directly to the internet. Note however, that it is still possible for attackers to exploit devices that are not directly connected to the internet. For example, by way of viewing a web page.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", DATE_PUBLIC: "2020-02-20T00:00:00.000Z", ID: "CVE-2020-9054", STATE: "PUBLIC", TITLE: "ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NAS326", version: { version_data: [ { version_affected: "<=", version_name: "V5.21(AAZF.7)C0", version_value: "V5.21(AAZF.7)C0", }, ], }, }, { product_name: "NAS520", version: { version_data: [ { version_affected: "<=", version_name: "V5.21(AASZ.3)C0", version_value: "V5.21(AASZ.3)C0", }, ], }, }, { product_name: "NAS540", version: { version_data: [ { version_affected: "<=", version_name: "V5.21(AATB.4)C0", version_value: "V5.21(AATB.4)C0", }, ], }, }, { product_name: "NAS542", version: { version_data: [ { version_affected: "<=", version_name: "V5.21(ABAG.4)C0", version_value: "V5.21(ABAG.4)C0", }, ], }, }, { product_name: "NSA210", version: { version_data: [ { version_affected: "=", version_value: "all", }, ], }, }, { product_name: "NSA220", version: { version_data: [ { version_affected: "=", version_value: "all", }, ], }, }, { product_name: "NSA220+", version: { version_data: [ { version_affected: "=", version_value: "all", }, ], }, }, { product_name: "NSA221", version: { version_data: [ { version_affected: "=", version_value: "all", }, ], }, }, { product_name: "NSA310", version: { version_data: [ { version_affected: "<=", version_name: "V4.75(AALH.2)C0", version_value: "V4.75(AALH.2)C0", }, ], }, }, { product_name: "NSA320", version: { version_data: [ { version_affected: "=", version_value: "all", }, ], }, }, { product_name: "NSA320S", version: { version_data: [ { version_affected: "<=", version_name: "V4.75(AANV.2)C0", version_value: "V4.75(AANV.2)C0", }, ], }, }, { product_name: "NSA325", version: { version_data: [ { version_affected: "<=", version_name: "V4.81(AAAJ.1)C0", version_value: "V4.81(AAAJ.1)C0", }, ], }, }, { product_name: "NSA325v2", version: { version_data: [ { version_affected: "<=", version_name: "V4.81(AALS.1)C0", version_value: "V4.81(AALS.1)C0", }, ], }, }, ], }, vendor_name: "ZyXEL", }, ], }, }, credit: [ { lang: "eng", value: "Thanks to Alex Holden of Hold Security for finding and reporting this vulnerability.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2", }, ], }, exploit: [ { lang: "en", value: "https://kb.cert.org/artifacts/cve-2020-9054.html", }, ], generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78 OS Command Injection", }, ], }, ], }, references: { reference_data: [ { name: "https://cwe.mitre.org/data/definitions/78.html", refsource: "MISC", url: "https://cwe.mitre.org/data/definitions/78.html", }, { name: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml", refsource: "CONFIRM", url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml", }, { name: "VU#498544", refsource: "CERT-VN", url: "https://kb.cert.org/vuls/id/498544/", }, { name: "https://kb.cert.org/artifacts/cve-2020-9054.html", refsource: "MISC", url: "https://kb.cert.org/artifacts/cve-2020-9054.html", }, { name: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/", refsource: "MISC", url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/", }, ], }, solution: [ { lang: "en", value: "ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, NAS542, ATP100, ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200, VPN50, VPN100, VPN300, VPN1000, ZyWALL110, ZyWALL310, and ZyWALL1100 devices.", }, ], source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Block access to the ZyXEL device web interface:\n\nThis issue can be mitigated by blocking (for example with a firewall) access to the web interface (80/tcp and 443/tcp) of any vulnerable ZyXEL device. Any machine that can access the ZyXEL web interface should not also be able to access the internet.\n\nRestrict access to vulnerable ZyXEL devices:\n\nDirect exploitation of this vulnerability can be mitigated by restricting access to vulnerable devices. In particular, do not expose such devices directly to the internet. Note however, that it is still possible for attackers to exploit devices that are not directly connected to the internet. For example, by way of viewing a web page.", }, ], }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2020-9054", datePublished: "2020-03-04T19:30:18.400802Z", dateReserved: "2020-02-18T00:00:00", dateUpdated: "2024-09-16T17:14:38.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29583
Vulnerability from cvelistv5
Published
2020-12-22 00:00
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.633Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zyxel.com/support/security_advisories.shtml", }, { tags: [ "x_transferred", ], url: "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf", }, { tags: [ "x_transferred", ], url: "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15", }, { tags: [ "x_transferred", ], url: "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release", }, { tags: [ "x_transferred", ], url: "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html", }, { tags: [ "x_transferred", ], url: "https://www.zyxel.com/support/CVE-2020-29583.shtml", }, { tags: [ "x_transferred", ], url: "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-28T00:43:07.540036", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.zyxel.com/support/security_advisories.shtml", }, { url: "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf", }, { url: "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15", }, { url: "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release", }, { url: "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html", }, { url: "https://www.zyxel.com/support/CVE-2020-29583.shtml", }, { url: "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-29583", datePublished: "2020-12-22T00:00:00", dateReserved: "2020-12-06T00:00:00", dateUpdated: "2024-08-04T16:55:10.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0910
Vulnerability from cvelistv5
Published
2022-05-24 02:20
Modified
2024-08-02 23:47
Severity ?
EPSS score ?
Summary
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
References
▼ | URL | Tags |
---|---|---|
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Zyxel | USG/ZyWALL series firmware |
Version: 4.32 through 4.71 |
||||||||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:47:42.905Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "USG/ZyWALL series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.32 through 4.71", }, ], }, { product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.50 through 5.21", }, ], }, { product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.32 through 5.21", }, ], }, { product: "VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.32 through 5.21", }, ], }, ], descriptions: [ { lang: "en", value: "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287: Improper Authentication", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-24T02:20:13", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@zyxel.com.tw", ID: "CVE-2022-0910", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "USG/ZyWALL series firmware", version: { version_data: [ { version_value: "4.32 through 4.71", }, ], }, }, { product_name: "USG FLEX series firmware", version: { version_data: [ { version_value: "4.50 through 5.21", }, ], }, }, { product_name: "ATP series firmware", version: { version_data: [ { version_value: "4.32 through 5.21", }, ], }, }, { product_name: "VPN series firmware", version: { version_data: [ { version_value: "4.32 through 5.21", }, ], }, }, ], }, vendor_name: "Zyxel", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.", }, ], }, impact: { cvss: { baseScore: "6.5", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-287: Improper Authentication", }, ], }, ], }, references: { reference_data: [ { name: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", refsource: "CONFIRM", url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2022-0910", datePublished: "2022-05-24T02:20:13", dateReserved: "2022-03-10T00:00:00", dateUpdated: "2024-08-02T23:47:42.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-26531
Vulnerability from cvelistv5
Published
2022-05-24 00:00
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Zyxel | USG/ZyWALL series firmware |
Version: 4.09 through 4.71 |
||||||||||||||||||||||||||||||||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:03:33.155Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, { name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Jun/15", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "USG/ZyWALL series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.09 through 4.71", }, ], }, { product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.50 through 5.21", }, ], }, { product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.32 through 5.21", }, ], }, { product: "VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "4.30 through 5.21", }, ], }, { product: "NSG series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "1.00 through 1.33 Patch 4", }, ], }, { product: "NXC2500 firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.10(AAIG.3)", }, ], }, { product: "NAP203 firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.25(ABFA.7)", }, ], }, { product: "NWA50AX firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.25(ABYW.5)", }, ], }, { product: "WAC500 firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.30(ABVS.2)", }, ], }, { product: "WAX510D firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "<= 6.30(ABTF.2)", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-09T18:05:56.732587", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, { name: "20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Jun/15", }, { url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", }, { url: "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html", }, ], }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2022-26531", datePublished: "2022-05-24T00:00:00", dateReserved: "2022-03-07T00:00:00", dateUpdated: "2024-08-03T05:03:33.155Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-05-24 03:15
Modified
2024-11-21 06:39
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9EB7ECE1-BA79-4F6B-92E6-72EAD8C1A89D", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF538EAF-7694-4953-86AE-4F12F8B88315", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0C3D7EC0-7209-4E60-8A2F-A23CF47A4794", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "14C64F26-4FFF-4102-9D06-EFD9E4921580", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C6BE3BA8-E117-4C98-9221-502DA903CA27", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "25040B80-E884-44F4-902E-A8F2E27C25C6", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CED15A33-FB60-44CD-978C-9D1FBD3CE5E0", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "27A45A78-3301-49BE-A1B1-47DC5596012B", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "913F6F7E-2D5B-4684-83C8-7929C0E385F7", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5788E87A-A69D-4EB8-BBA9-99DEFABFA2A6", versionEndIncluding: "5.20", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D2766165-4833-4744-BE12-D4D92C0337F2", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*", matchCriteriaId: "C7E32879-01A2-49B1-A354-068CEB1CA3A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_1100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7CC99D50-3D1A-444F-949A-A7BBF664233F", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*", matchCriteriaId: "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_1900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "641BB3FE-BC96-494C-A6E4-A033365E691E", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*", matchCriteriaId: "92CE6F04-403B-4A52-A3A5-DD0190CF15D9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_20w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D1316118-0B3F-4C87-A44E-B9571A381009", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*", matchCriteriaId: "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C24C8004-00BB-4AC1-978C-9D7FA036729F", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BC603F1A-561C-4602-AE82-FF40E876F9A1", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F47477FF-6AAC-4517-8271-FE03B5E4E2E9", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*", matchCriteriaId: "38B7995C-80E0-413B-9F2C-387EF3703927", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "555D068D-8855-420A-BD1B-08F4926FF02A", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*", matchCriteriaId: "D84DDB81-DE66-4427-8833-633B45A45A14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "378B84DA-D2E8-4EA3-B659-88E9F25811EB", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*", matchCriteriaId: "8F11F36C-60DB-4D81-A320-53EEE43758C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EEC9EE6F-F6B1-48C5-8646-CBDBA2A495D5", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*", matchCriteriaId: "C65DB5E9-2FE3-4807-970E-A42FDF82B50E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "75048E46-0CB5-4300-A5E4-CBCE5FE67BCF", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*", matchCriteriaId: "82864EF6-B63D-4947-A18C-AE0156CCA7FA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "293C6F8B-51F7-44A5-ACAD-10586C9EB610", versionEndIncluding: "5.20", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "05959C9F-4209-4B0B-81DD-6C98BFC43F7B", versionEndIncluding: "5.20", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B4F8A08F-8531-444E-BE70-6C0096BE8CAC", versionEndIncluding: "5.20", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8553EF99-5F25-4F96-840C-1D5146C9CAF9", versionEndIncluding: "5.20", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2F72A1-7D2D-4BC3-8440-937435507F5C", versionEndIncluding: "5.20", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5046F464-AA4F-47D9-9050-CF0A5C9E6C9C", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7F15F3-9A55-462F-8AE3-EE71B759DE68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ECB8D8BC-4FEE-434C-AB4E-E847051B1919", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*", matchCriteriaId: "3F5C3A2C-12EA-4FAE-B088-665A90494685", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "63BEED27-C36F-4245-9218-C10DED73A9C2", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*", matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F504210A-CDA6-4C30-98FC-707870E37E05", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*", matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FA7DB6C7-035B-4421-94A3-87F431BFA324", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*", matchCriteriaId: "CC3082ED-A564-494D-8427-B61F15F6DD88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6E0DD5-DA40-4672-A6DD-A98145DCC86A", versionEndIncluding: "4.70", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*", matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.", }, { lang: "es", value: "Se identificó una vulnerabilidad de tipo cross-site scripting en el programa CGI de Zyxel USG/ZyWALL series versiones de firmware 4.35 hasta 4.70 , USG FLEX series versiones de firmware 4.50 hasta 5.20, ATP series versiones de firmware 4.35 hasta 5.20 y VPN series versiones de firmware 4.35 hasta 5.20, que podría permitir a un atacante obtener alguna información almacenada en el navegador del usuario, como cookies o tokens de sesión, por medio de un script malicioso", }, ], id: "CVE-2022-0734", lastModified: "2024-11-21T06:39:17.163", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@zyxel.com.tw", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-24T03:15:09.093", references: [ { source: "security@zyxel.com.tw", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], sourceIdentifier: "security@zyxel.com.tw", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@zyxel.com.tw", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-24 03:15
Modified
2024-11-21 06:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "644EA277-0CC7-4B0F-A8D0-C0A976DD36D1", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EE95F0D6-C1FF-4ADF-9FFE-04E6DB3A9493", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E4A5619A-D50B-4ABD-809F-CA8CE1AE022F", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "86633419-26A8-4E36-8DFC-4776E473263D", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D636401-CD8D-4D2C-9BEA-1C6F96D2FEA6", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CD3684E5-F119-4BD9-A29A-C35C293BC058", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC4992F-FF30-44E8-9041-4BA082D3549B", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "071225C7-8311-4C89-9633-AE5DB4800B01", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ABF7A7FD-95D3-4343-9CE2-DFF8DBE8D125", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D952940F-FFEF-4480-9BD8-5E7CB1C27B2E", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B9F3DD3-0CE1-4CA8-9FEA-CE8E7915F72E", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*", matchCriteriaId: "C7E32879-01A2-49B1-A354-068CEB1CA3A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_1100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "262CBB27-4D37-4514-BDD8-5FBEB70FEE93", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*", matchCriteriaId: "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_1900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E75091F8-B5E1-4338-89BB-EC61A2778A73", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*", matchCriteriaId: "92CE6F04-403B-4A52-A3A5-DD0190CF15D9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_20w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "58A79FD8-36C9-4CFA-97DF-5B964FE83EDD", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*", matchCriteriaId: "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "446FBCE1-E609-4AF2-B88F-C26B85450310", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C3C82532-B246-4643-B455-51E98557E3C9", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "77A820ED-4923-41A6-80A8-AC2CABE2A3F1", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*", matchCriteriaId: "38B7995C-80E0-413B-9F2C-387EF3703927", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5DCF17FE-34AC-4B11-838F-F404AD94BA18", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*", matchCriteriaId: "D84DDB81-DE66-4427-8833-633B45A45A14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E8169626-F4B1-465B-9D12-D2A70325EA33", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*", matchCriteriaId: "8F11F36C-60DB-4D81-A320-53EEE43758C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E3B2D1B5-CA4F-49C5-AE99-F4688D67DF0A", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*", matchCriteriaId: "C65DB5E9-2FE3-4807-970E-A42FDF82B50E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "38C653B9-FCE7-407C-816E-1151166F76FF", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*", matchCriteriaId: "82864EF6-B63D-4947-A18C-AE0156CCA7FA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "19D358C5-E3CE-4362-94C2-6C8715AB9D54", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B18C8637-E459-482F-B977-7BA1A3D99CA7", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0015FD08-61BF-4022-9F84-12010EA1D5A9", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E4B752C-2CAD-4A72-9660-27B57B3EB7FC", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "39FCAC29-3FD8-49DF-A216-3393D9724DA7", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69172196-EAC7-4CF9-80D2-B2ED91629960", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7F15F3-9A55-462F-8AE3-EE71B759DE68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85D942A4-01F0-4E20-AF54-0A4E1CD0DC78", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*", matchCriteriaId: "3F5C3A2C-12EA-4FAE-B088-665A90494685", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D274E9A-2DB3-4B3D-855E-B7771A790ACF", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*", matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C72FB960-E2DB-416C-91E7-3E33E2849BA9", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*", matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "083DC7BD-39ED-4A36-A6D6-42E0293AD171", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*", matchCriteriaId: "CC3082ED-A564-494D-8427-B61F15F6DD88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C69C75B1-1EC2-4A00-A4D9-8AF1945C03CA", versionEndIncluding: "4.71", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*", matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad en el programa CGI de Zyxel USG/ZyWALL versiones de firmware 4.32 hasta 4.71, USG FLEX series versiones de firmware 4.50 hasta 5.21, ATP series versiones de firmware 4.32 hasta 5.21, y VPN series versiones de firmware 4.32 hasta 5.21, que podría permitir a un atacante autenticado omitir la segunda fase de autenticación para conectarse al servidor VPN IPsec aunque la autenticación de dos factores (2FA) estuviera habilitada", }, ], id: "CVE-2022-0910", lastModified: "2024-11-21T06:39:39.087", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@zyxel.com.tw", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-24T03:15:09.150", references: [ { source: "security@zyxel.com.tw", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], sourceIdentifier: "security@zyxel.com.tw", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "security@zyxel.com.tw", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-24 06:15
Modified
2024-11-21 06:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "286FA4D2-DD37-4EFD-BCC4-98791B7E4F74", versionEndIncluding: "5.21", versionStartIncluding: "4.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "441EB008-4265-4569-A7B0-A5CAF0CA6B70", versionEndIncluding: "5.21", versionStartIncluding: "4.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFF1F98B-2B0C-46C6-AE43-EB652BA0800C", versionEndIncluding: "5.21", versionStartIncluding: "4.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B6387BE-5DED-4D27-AACC-1F42DCB90A40", versionEndIncluding: "5.21", versionStartIncluding: "4.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D636401-CD8D-4D2C-9BEA-1C6F96D2FEA6", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CD3684E5-F119-4BD9-A29A-C35C293BC058", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC4992F-FF30-44E8-9041-4BA082D3549B", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "071225C7-8311-4C89-9633-AE5DB4800B01", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ABF7A7FD-95D3-4343-9CE2-DFF8DBE8D125", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D952940F-FFEF-4480-9BD8-5E7CB1C27B2E", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "55B9C186-0EF6-457D-A865-93BEE28C03DB", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*", matchCriteriaId: "C7E32879-01A2-49B1-A354-068CEB1CA3A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_1100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D64DDA0B-FB12-49DA-818A-77D61B6328EB", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*", matchCriteriaId: "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_1900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F944352D-3F2E-4E67-9B0C-FCA488F49FDB", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*", matchCriteriaId: "92CE6F04-403B-4A52-A3A5-DD0190CF15D9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_20w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "18A8D2A1-CA75-4DAE-8C78-67E2588AD037", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*", matchCriteriaId: "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC6943C7-8559-414D-9A6A-865EEFBF223C", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0597A0E-9416-4D2E-BAF5-BEFAAE1BB93E", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B139EC4B-07CA-4D2C-8FBB-5C03F67ED169", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*", matchCriteriaId: "38B7995C-80E0-413B-9F2C-387EF3703927", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07F551AE-EB73-4B97-AFBA-23A201FBAA02", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*", matchCriteriaId: "D84DDB81-DE66-4427-8833-633B45A45A14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E469A8A0-D909-4713-ABA8-F2589452E193", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*", matchCriteriaId: "8F11F36C-60DB-4D81-A320-53EEE43758C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "25670F1E-F6BA-4B2C-957F-4DCF1B112DBD", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*", matchCriteriaId: "C65DB5E9-2FE3-4807-970E-A42FDF82B50E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "095FB855-F923-41C8-A3C7-E252FCD57EB5", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*", matchCriteriaId: "82864EF6-B63D-4947-A18C-AE0156CCA7FA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "19D358C5-E3CE-4362-94C2-6C8715AB9D54", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B18C8637-E459-482F-B977-7BA1A3D99CA7", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0015FD08-61BF-4022-9F84-12010EA1D5A9", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E4B752C-2CAD-4A72-9660-27B57B3EB7FC", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "39FCAC29-3FD8-49DF-A216-3393D9724DA7", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "11A390EA-14B4-4A83-9215-2A8EEF10A564", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7F15F3-9A55-462F-8AE3-EE71B759DE68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F4C6D9E-87AB-4BEB-A9CF-EA767FC25437", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*", matchCriteriaId: "3F5C3A2C-12EA-4FAE-B088-665A90494685", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "96C73B83-E2B8-402A-BC4F-4044D16F6D2C", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*", matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5C95C785-5428-405C-A1DE-1E2202556178", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*", matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FB666972-E152-45A6-BF0F-2F442565A9A9", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*", matchCriteriaId: "CC3082ED-A564-494D-8427-B61F15F6DD88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9B39851C-29CA-4C74-8A3D-BA8AFB22D889", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*", matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1A4A4415-2061-4BB3-B8AF-F492B4935F5F", versionEndExcluding: "1.33", versionStartIncluding: "1.00", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:-:*:*:*:*:*:*", matchCriteriaId: "D43F6C03-E7EE-43B9-81B7-2B298134A591", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch1:*:*:*:*:*:*", matchCriteriaId: "8872BA61-9164-48EC-8D7B-C41FCE76F32C", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch2:*:*:*:*:*:*", matchCriteriaId: "83FD24D6-959A-41D1-B7A3-6D06205EA8C9", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch3:*:*:*:*:*:*", matchCriteriaId: "CB5660D2-3C80-42CF-B91C-61212B1EA351", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch4:*:*:*:*:*:*", matchCriteriaId: "E83EFC74-309F-42BF-A2B5-850184B4BF20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nsg300:-:*:*:*:*:*:*:*", matchCriteriaId: "58B0886D-9AF4-453F-96DB-7ABAA5EE3B78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66EEF757-9B89-4D05-93DC-0B35CB5578AA", versionEndExcluding: "1.33", versionStartIncluding: "1.00", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:-:*:*:*:*:*:*", matchCriteriaId: "70DE2243-00D1-4C94-B53B-659F48BAFF08", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch1:*:*:*:*:*:*", matchCriteriaId: "E0722C8A-DACE-4FC8-8197-678CF4F6E0C9", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch2:*:*:*:*:*:*", matchCriteriaId: "3ED9A278-5B95-4607-B832-A2AB7FB8A9A6", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch3:*:*:*:*:*:*", matchCriteriaId: "DA5E8CF5-C7D8-4827-BE19-AC4EB7E66AC1", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch4:*:*:*:*:*:*", matchCriteriaId: "415A2C9A-005A-433D-A423-F5D9CA6C8A19", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nsg100:-:*:*:*:*:*:*:*", matchCriteriaId: "D6C5054F-BCC7-4E00-8786-24F85B2A200E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "734BB40E-9A07-4508-8C49-5A21072691B4", versionEndExcluding: "1.33", versionStartIncluding: "1.00", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:-:*:*:*:*:*:*", matchCriteriaId: "E549004C-F19F-4F2D-8522-849C008B2132", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch1:*:*:*:*:*:*", matchCriteriaId: "013AE5DA-537B-4198-A55C-17FD08F7CB9F", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch2:*:*:*:*:*:*", matchCriteriaId: "E0D0898D-A7C6-441B-A0C8-BA7B5B2E362F", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch3:*:*:*:*:*:*", matchCriteriaId: "D8E83137-D14D-4143-8D38-59787AAE36D3", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch4:*:*:*:*:*:*", matchCriteriaId: "00CB6F78-BA15-489E-BCD8-25CECB8FCBED", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nsg50:-:*:*:*:*:*:*:*", matchCriteriaId: "8B084120-41C6-4F3C-9803-9C178EB4DE91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nxc2500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "099AC2B1-7352-43EC-811A-89937FA1E2E3", versionEndIncluding: "6.10\\(aaig.3\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nxc2500:-:*:*:*:*:*:*:*", matchCriteriaId: "BADED427-DEFF-4213-836B-C8EF0531C39A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nxc5500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "012B7439-FDDB-464D-8D11-AAAF54E9F59A", versionEndIncluding: "6.10\\(aaos.3\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nxc5500:-:*:*:*:*:*:*:*", matchCriteriaId: "5A334B8B-8750-4519-B485-0AB0CECD212B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nap203_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00D41E43-D7BA-4927-9966-2847E12270E6", versionEndIncluding: "6.25\\(abfa.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nap203:-:*:*:*:*:*:*:*", matchCriteriaId: "80AE2CEA-90AC-421A-86BB-F404CDE7785D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nap303_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93110B5F-CB02-4413-9588-35B47D7A5CE3", versionEndIncluding: "6.25\\(abex.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nap303:-:*:*:*:*:*:*:*", matchCriteriaId: "C4BF5D4C-DB8E-4077-BE78-C73AA203406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nap353_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C44494F9-1ADA-4A3D-8FBA-D0D97C3DACB5", versionEndIncluding: "6.25\\(abey.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nap353:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCEC13E-3D1C-4B42-87F5-94FE1066C218", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A696580F-3993-4653-B48E-AAB7D1A2B7DC", versionEndIncluding: "6.25\\(abyw.5\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", matchCriteriaId: "2806A3B3-8F13-4170-B284-8809E3502044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E809B8FE-DBF8-4B7F-B33E-939750D08617", versionEndIncluding: "6.25\\(abzl.5\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", matchCriteriaId: "B7440976-5CB4-40BE-95C2-98EF4B888109", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "554C9C1E-EE3C-4BD7-95CF-9748167EA691", versionEndIncluding: "6.27\\(accv.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", matchCriteriaId: "3A903978-737E-4266-A670-BC94E32CAF96", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDFAECE0-C011-4488-89A8-249972CA0773", versionEndIncluding: "6.30\\(abtg.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", matchCriteriaId: "6A3F9232-F988-4428-9898-4F536123CE88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5DD8FF80-E4B1-4521-B2D3-B2B4B4049A14", versionEndIncluding: "6.30\\(abtd.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB129F9-64D8-43C2-9366-51EBDF419F5F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa1123-ac-hd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF0819A0-7616-467F-BF17-59302EADCA0C", versionEndIncluding: "6.25\\(abin.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa1123-ac-hd:-:*:*:*:*:*:*:*", matchCriteriaId: "27F719D3-0D19-4D92-9570-4B1A48AD5670", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa1123-ac-pro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "858A8B50-515B-4CD3-B07C-3633EE605CC9", versionEndIncluding: "6.25\\(abhd.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa1123-ac-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "9DC66B07-67FB-47F6-B54B-E40BE89F33A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF0C532C-D263-4EDA-8127-0CE61A02353A", versionEndIncluding: "6.30\\(abvt.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", matchCriteriaId: "36C13E7F-2186-4587-83E9-57B05A7147B7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa1302-ac_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A9DF9C2-7BD9-456D-8D27-DD6966A0B4AA", versionEndIncluding: "6.25\\(abku.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa1302-ac:-:*:*:*:*:*:*:*", matchCriteriaId: "EFA514BB-B688-4EBD-9530-F5112F7503F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa5123-ac-hd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A775E4A-4672-494E-A5A4-D906180092FA", versionEndIncluding: "6.25\\(abim.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa5123-ac-hd:-:*:*:*:*:*:*:*", matchCriteriaId: "1808BC03-AE4E-4AB7-996D-89081808720B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "528A7200-2884-4849-82EC-516A6BAB9DD2", versionEndIncluding: "6.30\\(abwa.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", matchCriteriaId: "1A1FD502-4F62-4C77-B3BC-E563B24F0067", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD646A37-5CE7-4B9D-9F9A-0443F5A35047", versionEndIncluding: "6.30\\(abvs.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", matchCriteriaId: "7C024551-F08F-4152-940D-1CF8BCD79613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac5302d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EC5ABF47-C899-4C1B-AFFB-11F37B2CA1B2", versionEndIncluding: "6.10\\(abfh.10\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac5302d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "E4AA4FC1-E3E4-499F-B0C1-22B738DA4DA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac5302d-sv2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97843B29-E50B-4451-8583-9120A30908D4", versionEndIncluding: "6.25\\(abvz.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac5302d-sv2:-:*:*:*:*:*:*:*", matchCriteriaId: "A690501F-DC2D-4F90-ABC0-33B5F1279C36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6103d-i_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4DDC631C-0510-4E30-B896-B218ABE618AA", versionEndIncluding: "6.25\\(aaxh.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6103d-i:-:*:*:*:*:*:*:*", matchCriteriaId: "341DB051-7F01-4B36-BA15-EBC25FACB439", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6303d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0126F87D-14E9-402B-975A-FB11855D1E6C", versionEndIncluding: "6.25\\(abgl.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6303d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F08117-0BCE-4EA1-8DA7-1AC4EFF67E2F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6502d-e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C5701D95-35AC-489B-8348-E3AC32D1626D", versionEndIncluding: "6.25\\(aasd.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6502d-e:-:*:*:*:*:*:*:*", matchCriteriaId: "FD8842C8-FB0A-46F0-9BB4-CAC6334D1E51", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6502d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00AA8697-6B5D-439C-8E9A-B0B1EBDF1496", versionEndIncluding: "6.25\\(aase.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6502d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "DD108388-ABE5-4142-910F-C3C8B1C13617", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6503d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C7ADC5F9-B1CE-474A-958F-F6267507A5E1", versionEndIncluding: "6.25\\(aasf.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6503d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "4DFDF64A-17F5-4F05-8700-DCA36CCB6F2B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6553d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A467110-CF4D-45CB-8855-EBA5D5985294", versionEndIncluding: "6.25\\(aasg.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6553d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "DD45FA01-D2BF-441A-8669-1190F79D206B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6552d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "978F6DD8-A04F-4DC0-8497-4F6454FA3235", versionEndIncluding: "6.25\\(abio.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6552d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "CD47738A-9001-4CC1-8FED-1D1CFC56F548", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F272586C-292F-409C-9BDB-D9D70C0C3D2A", versionEndIncluding: "6.30\\(abtf.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", matchCriteriaId: "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "86B43BD3-CA22-4D81-9281-78A3B23FAC60", versionEndIncluding: "6.30\\(abte.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", matchCriteriaId: "3518DA0A-2C7B-4979-A457-0826C921B0F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A26EEF52-DC36-4D5C-9E2F-25238615B2BC", versionEndIncluding: "6.30\\(abzd.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", matchCriteriaId: "DC74AAF9-5206-4CEB-9023-6CD4F38AA623", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AAF35E44-DC87-49EC-868A-C721CC4FFD3B", versionEndIncluding: "6.30\\(abrm.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", matchCriteriaId: "D784994E-E2CE-4328-B490-D9DC195A53DB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.", }, { lang: "es", value: "Una vulnerabilidad de inyección de argumentos en el comando CLI \"packet-trace\" de Zyxel USG/ZyWALL versiones 4.09 hasta 4.71, USG FLEX series versiones 4.50 hasta 5.21, ATP series versiones 4.32 hasta 5.21, VPN series versiones 4.30 hasta 5.21, NSG series versiones 1.00 hasta 1.33 Patch 4, NXC2500 versión de firmware 6.10(AAIG.3 ) y versiones anteriores, NAP203 versión de firmware 6.25(ABFA.7) y versiones anteriores, NWA50AX versión de firmware 6.25(ABYW.5) y versiones anteriores, WAC500 versión de firmware 6.30(ABVS.2) y versiones anteriores, WAX510D versión de firmware 6.30(ABTF.2) y versiones anteriores, que podría permitir a un atacante local autenticado ejecutar comandos arbitrarios del sistema operativo mediante una inclusión de argumentos diseñados en el comando CLI", }, ], id: "CVE-2022-26532", lastModified: "2024-11-21T06:54:07.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "security@zyxel.com.tw", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-24T06:15:09.390", references: [ { source: "security@zyxel.com.tw", url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", }, { source: "security@zyxel.com.tw", url: "http://seclists.org/fulldisclosure/2022/Jun/15", }, { source: "security@zyxel.com.tw", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2022/Jun/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], sourceIdentifier: "security@zyxel.com.tw", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-88", }, ], source: "security@zyxel.com.tw", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-22 22:15
Modified
2024-11-21 05:24
Severity ?
Summary
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.
References
Impacted products
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "660A9038-66FB-4F71-BA50-8ED69C2E2274", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "7239C54F-EC9E-44B4-AE33-1D36E5448219", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg20w-vpn_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "E892C61D-80DE-4FA4-9224-1B3C72A31F57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "06D2AD3A-9197-487D-A267-24DE332CC66B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg40_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "29398F33-D8B4-432D-A075-4454DA1B23F0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*", matchCriteriaId: "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg40w_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "BA146A61-7B27-4E48-87C1-A82F45FB692A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*", matchCriteriaId: "0906F3FA-793B-421D-B957-7E9C18C1AEC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg60_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "14F685CA-FBD9-4A00-BB23-BF914DFE41D9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*", matchCriteriaId: "26900300-1325-4C8A-BC3B-A10233B2462A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg60w_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "022CF987-20A8-4450-A8B8-94AF2F2D453E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*", matchCriteriaId: "A5A7555E-BC29-460C-A701-7DCDEAFE67F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg110_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "7540894B-A1EF-40C3-ABD3-D58CDB45622F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*", matchCriteriaId: "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg210_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "6556E988-676D-4E7A-BDC2-A53256548FEA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*", matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg310_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "56EF63D0-63DD-4EFD-AE7A-5680710AE573", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*", matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg1100_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "8451A4C8-2023-41A4-81A9-91565CEC6918", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*", matchCriteriaId: "4B68C4BD-3279-47AB-AC2A-7555163B12E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg1900_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "7391C72E-CAB3-4FAD-9FB6-789F48516C26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*", matchCriteriaId: "60F4E816-C4D3-451A-965C-45387D7DEB5B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg2200_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "B3B7B49D-7DB2-4D44-AC55-6B1F828B512D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*", matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:zywall110_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "52922CA2-1C1E-4972-A52E-D9FA84BCC4C1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:zywall110:-:*:*:*:*:*:*:*", matchCriteriaId: "2347F91E-8AA3-4EB5-AD7F-7602A46C20BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:zywall310_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "C9336382-E759-4869-9B59-57366E176CA2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:zywall310:-:*:*:*:*:*:*:*", matchCriteriaId: "3A97613C-26EF-481E-9215-197FE7A9D1C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:zywall1100_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "271DE232-FAED-48A1-891C-33A6FDBA9EAA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:zywall1100:-:*:*:*:*:*:*:*", matchCriteriaId: "53A5732E-193B-4017-A434-A76BE80E20D9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "7DC9FE97-6B7D-41E8-879C-572B23CB1105", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100w_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "61489A79-AAF5-4347-9E10-73F139D30EE2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp200_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "BB876002-669D-4052-B1B0-DA8F0B4EC500", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp500_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "3E6231DF-ADB3-43A9-AC3B-C72905584B05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp700_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "DEDC5E3D-2103-4545-8611-B1C49B4B5BAB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp800_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "246B2EF8-6412-4E69-91A5-B394BF4D299F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn50_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "F6A568BA-58D3-400C-9742-8E966C90D83E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn100_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "65E48F65-A408-4A93-BBBC-44D5054D9841", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn300_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "1B2E5F78-7F7B-46BA-A7B1-0A49F4A6509D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "E39AE158-E577-403B-867E-CCD5F8EE5FC5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "14484416-6575-4E23-96A7-F37936F75BAB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "A0597006-8FA7-4622-9C13-AFE9767CADE5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "28D39C78-DD5A-47FB-9590-B79AABA1038B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "438B93F0-7CBF-49E9-B556-CFEFE2E6EED0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:4.60:*:*:*:*:*:*:*", matchCriteriaId: "414BCC73-277B-48FD-8273-B33A780806D0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.", }, { lang: "es", value: "La versión de firmware 4.60 de los dispositivos Zyxel USG contiene una cuenta no documentada (zyfwp) con una contraseña que no puede ser cambiada. La contraseña para esta cuenta se puede encontrar en texto sin cifrar en el firmware. Esta cuenta puede ser usada por alguien para iniciar sesión en el servidor ssh o en la interfaz web con privilegios de administrador", }, ], id: "CVE-2020-29583", lastModified: "2024-11-21T05:24:15.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-22T22:15:14.443", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/CVE-2020-29583.shtml", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/security_advisories.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://ftp.zyxel.com/USG40/firmware/USG40_4.60%28AALA.1%29C0_2.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://businessforum.zyxel.com/discussion/5252/zld-v4-60-revoke-and-wk48-firmware-release", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://businessforum.zyxel.com/discussion/5254/whats-new-for-zld4-60-patch-1-available-on-dec-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/CVE-2020-29583.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/security_advisories.shtml", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-04 20:15
Modified
2024-11-21 05:39
Severity ?
Summary
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2
References
Impacted products
{ cisaActionDue: "2022-04-15", cisaExploitAdd: "2022-03-25", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Zyxel Multiple NAS Devices OS Command Injection Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3FEC76CA-9F2C-4A44-93C5-C131E68B9A5E", versionEndExcluding: "5.21\\(aazf.7\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*", matchCriteriaId: "E0A01B19-4A91-4FBC-8447-2E854346DAC5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nas520_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09DE98E7-CE8E-4F45-9F1E-4A4345FBD443", versionEndExcluding: "5.21\\(aasz.3\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nas520:-:*:*:*:*:*:*:*", matchCriteriaId: "07B2BA3D-40F0-4D59-8838-B226FAABF27E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "511D5E0C-9110-4505-8DC6-5C06A10CBC20", versionEndExcluding: "5.21\\(aatb.4\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*", matchCriteriaId: "B2F7264C-D32A-4EE9-BADC-78518D762BCA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "608792D0-44B3-4A07-A48C-D3D71F26056D", versionEndExcluding: "5.21\\(abag.4\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*", matchCriteriaId: "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B482F4E-6E1B-45BD-A114-C389E2CD7542", versionEndExcluding: "4.35\\(abps.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0DE3AD47-1C82-4B8B-87F4-E545A7DAFE5C", versionEndExcluding: "4.35\\(abfw.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "352E7F31-76DB-4786-BCC0-E11F43550EB1", versionEndExcluding: "4.35\\(abfu.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "92E70F0C-D446-47B2-809B-D4680DAF13FC", versionEndExcluding: "4.35\\(abiq.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB019CF4-75AA-4CB0-BA44-42BE620C03B3", versionEndExcluding: "4.35\\(abaq.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "7239C54F-EC9E-44B4-AE33-1D36E5448219", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D2C621E3-DD7D-4FD0-AD1F-6D7BFDCA38F7", versionEndExcluding: "4.35\\(abar.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "06D2AD3A-9197-487D-A267-24DE332CC66B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9E638CFB-A13D-429D-A8E7-275959673ED6", versionEndExcluding: "4.35\\(aala.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*", matchCriteriaId: "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB73D7EE-6A50-4DA5-B9A3-36E39244FF23", versionEndExcluding: "4.35\\(aalb.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*", matchCriteriaId: "0906F3FA-793B-421D-B957-7E9C18C1AEC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1183A743-F349-4D93-8943-C80F8976A2BE", versionEndExcluding: "4.35\\(aaky.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*", matchCriteriaId: "26900300-1325-4C8A-BC3B-A10233B2462A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4F0D184B-31BB-4808-AF97-03599283F181", versionEndExcluding: "4.35\\(aakz.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*", matchCriteriaId: "A5A7555E-BC29-460C-A701-7DCDEAFE67F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8598C1A4-10CE-4092-9339-217AA27FF14D", versionEndExcluding: "4.35\\(aaph.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg110:-:*:*:*:*:*:*:*", matchCriteriaId: "4834AC5E-884D-4A1C-A39B-B3F4A281E3CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B42E5510-F6BB-40DA-8115-4D324DDCF5B2", versionEndExcluding: "4.35\\(aapi.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*", matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4DE7E2A7-3083-4AB7-ABA8-9EE8585DA1C1", versionEndExcluding: "4.35\\(aapj.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*", matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg1100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DCDB08DB-DFBD-4A3C-86FD-5383D4B60248", versionEndExcluding: "4.35\\(aapk.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg1100:-:*:*:*:*:*:*:*", matchCriteriaId: "4B68C4BD-3279-47AB-AC2A-7555163B12E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg1900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAED492E-9FDD-4F6F-91E0-6EDA3036C725", versionEndExcluding: "4.35\\(aapl.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg1900:-:*:*:*:*:*:*:*", matchCriteriaId: "60F4E816-C4D3-451A-965C-45387D7DEB5B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A54DCF88-38E3-4660-ABC2-829B2DA5C445", versionEndExcluding: "4.35\\(abae.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*", matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4FFB5E9D-75AD-4696-8EDF-A7726B5F2809", versionEndExcluding: "4.35\\(abhl.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E5C5E12-CDDB-4DDF-AAA8-4AB499F5925F", versionEndExcluding: "4.35\\(abfv.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0120A42B-EA67-44DC-BE04-FECF0279187C", versionEndExcluding: "4.35\\(abfc.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A71B4358-0E6F-496E-BFCF-0B368CBD1D09", versionEndExcluding: "4.35\\(abip.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:zywall110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "025A43D2-42C3-4AEC-9C2E-61BAEB428545", versionEndExcluding: "4.35\\(aaaa.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:zywall110:-:*:*:*:*:*:*:*", matchCriteriaId: "2347F91E-8AA3-4EB5-AD7F-7602A46C20BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:zywall310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7FB2E4BB-5684-4081-B9BA-80808E8ADD6F", versionEndExcluding: "4.35\\(aaab.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:zywall310:-:*:*:*:*:*:*:*", matchCriteriaId: "3A97613C-26EF-481E-9215-197FE7A9D1C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:zywall1100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "536BDA9F-4A29-4C59-8C39-F54794BE3026", versionEndExcluding: "4.35\\(aaac.3\\)c0", versionStartIncluding: "4.35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:zywall1100:-:*:*:*:*:*:*:*", matchCriteriaId: "53A5732E-193B-4017-A434-A76BE80E20D9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2", }, { lang: "es", value: "Múltiples dispositivos network-attached storage (NAS) de ZyXEL cuando ejecutan la versión de firmware 5.21 contienen una vulnerabilidad de inyección de comando previa a la autenticación, que puede permitir a un atacante remoto no autenticado ejecutar código arbitrario sobre un dispositivo vulnerable. Los dispositivos NAS de ZyXEL alcanzan la autenticación utilizando el archivo ejecutable CGI weblogin.cgi. Este programa no puede sanear apropiadamente el parámetro username que se le pasó. Si el parámetro de username contiene determinados caracteres, puede permitir una inyección de comandos con los privilegios del servidor web que se ejecuta en el dispositivo ZyXEL. Aunque el servidor web no es ejecutado como el usuario root, los dispositivos ZyXEL incluyen una utilidad setuid que puede ser aprovechada para ejecutar cualquier comando con privilegios root. Como tal, se debe suponer que la explotación de esta vulnerabilidad puede conducir a la ejecución remota de código con privilegios root. Mediante el envío de una petición HTTP POST o GET especialmente diseñada hacia un dispositivo ZyXEL vulnerable, un atacante remoto no autenticado puede ejecutar código arbitrario en el dispositivo. Esto puede presentarse al conectar directamente a un dispositivo si es expuesto directamente a un atacante. Sin embargo, existen maneras de activar tales peticiones diseñadas inclusive si un atacante no posee conectividad directa con dispositivos vulnerables. Por ejemplo, simplemente visitando un sitio web puede comprometer cualquier dispositivo ZyXEL al que se pueda acceder desde el sistema cliente. Los productos afectados incluyen: NAS326 antes de la versión de firmware V5.21(AAZF.7)C0, NAS520 antes de la versión de firmware V5.21(AASZ.3)C0, NAS540 antes de la versión de firmware V5.21(AATB.4)C0 NAS542 antes de la versión de firmware V5.21(ABAG.4)C0. ZyXEL ha puesto a disposición actualizaciones de firmware para dispositivos NAS326, NAS520, NAS540 y NAS542. Modelos afectados que se encuentran en el final del soporte: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 y NSA325v2.", }, ], id: "CVE-2020-9054", lastModified: "2024-11-21T05:39:54.583", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-04T20:15:10.750", references: [ { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://cwe.mitre.org/data/definitions/78.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://kb.cert.org/artifacts/cve-2020-9054.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://kb.cert.org/vuls/id/498544/", }, { source: "cret@cert.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cwe.mitre.org/data/definitions/78.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://kb.cert.org/artifacts/cve-2020-9054.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://kb.cert.org/vuls/id/498544/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "cret@cert.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-24 06:15
Modified
2024-11-21 06:54
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "286FA4D2-DD37-4EFD-BCC4-98791B7E4F74", versionEndIncluding: "5.21", versionStartIncluding: "4.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", matchCriteriaId: "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "441EB008-4265-4569-A7B0-A5CAF0CA6B70", versionEndIncluding: "5.21", versionStartIncluding: "4.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", matchCriteriaId: "EECD311A-4E96-4576-AADF-47291EDE3559", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFF1F98B-2B0C-46C6-AE43-EB652BA0800C", versionEndIncluding: "5.21", versionStartIncluding: "4.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", matchCriteriaId: "3C45C303-1A95-4245-B242-3AB9B9106CD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3B6387BE-5DED-4D27-AACC-1F42DCB90A40", versionEndIncluding: "5.21", versionStartIncluding: "4.30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", matchCriteriaId: "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0D636401-CD8D-4D2C-9BEA-1C6F96D2FEA6", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", matchCriteriaId: "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CD3684E5-F119-4BD9-A29A-C35C293BC058", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", matchCriteriaId: "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC4992F-FF30-44E8-9041-4BA082D3549B", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", matchCriteriaId: "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "071225C7-8311-4C89-9633-AE5DB4800B01", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", matchCriteriaId: "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ABF7A7FD-95D3-4343-9CE2-DFF8DBE8D125", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", matchCriteriaId: "0B41F437-855B-4490-8011-DF59887BE6D5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D952940F-FFEF-4480-9BD8-5E7CB1C27B2E", versionEndIncluding: "5.21", versionStartIncluding: "4.32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", matchCriteriaId: "66B99746-0589-46E6-9CBD-F38619AD97DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_110_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "55B9C186-0EF6-457D-A865-93BEE28C03DB", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*", matchCriteriaId: "C7E32879-01A2-49B1-A354-068CEB1CA3A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_1100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D64DDA0B-FB12-49DA-818A-77D61B6328EB", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*", matchCriteriaId: "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_1900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F944352D-3F2E-4E67-9B0C-FCA488F49FDB", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*", matchCriteriaId: "92CE6F04-403B-4A52-A3A5-DD0190CF15D9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_20w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "18A8D2A1-CA75-4DAE-8C78-67E2588AD037", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*", matchCriteriaId: "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC6943C7-8559-414D-9A6A-865EEFBF223C", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "6BEA412F-3DA1-4E91-9C74-0666147DABCE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0597A0E-9416-4D2E-BAF5-BEFAAE1BB93E", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*", matchCriteriaId: "32F7F370-C585-45FE-A7F7-40BFF13928CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B139EC4B-07CA-4D2C-8FBB-5C03F67ED169", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*", matchCriteriaId: "38B7995C-80E0-413B-9F2C-387EF3703927", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07F551AE-EB73-4B97-AFBA-23A201FBAA02", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*", matchCriteriaId: "D84DDB81-DE66-4427-8833-633B45A45A14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E469A8A0-D909-4713-ABA8-F2589452E193", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*", matchCriteriaId: "8F11F36C-60DB-4D81-A320-53EEE43758C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "25670F1E-F6BA-4B2C-957F-4DCF1B112DBD", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*", matchCriteriaId: "C65DB5E9-2FE3-4807-970E-A42FDF82B50E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "095FB855-F923-41C8-A3C7-E252FCD57EB5", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*", matchCriteriaId: "82864EF6-B63D-4947-A18C-AE0156CCA7FA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "19D358C5-E3CE-4362-94C2-6C8715AB9D54", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", matchCriteriaId: "2B30A4C0-9928-46AD-9210-C25656FB43FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B18C8637-E459-482F-B977-7BA1A3D99CA7", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", matchCriteriaId: "D74ABA7E-AA78-4A13-A64E-C44021591B42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0015FD08-61BF-4022-9F84-12010EA1D5A9", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", matchCriteriaId: "F93B6A06-2951-46D2-A7E1-103D7318D612", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E4B752C-2CAD-4A72-9660-27B57B3EB7FC", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", matchCriteriaId: "92C697A5-D1D3-4FF0-9C43-D27B18181958", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "39FCAC29-3FD8-49DF-A216-3393D9724DA7", versionEndIncluding: "5.21", versionStartIncluding: "4.50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", matchCriteriaId: "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "11A390EA-14B4-4A83-9215-2A8EEF10A564", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7F15F3-9A55-462F-8AE3-EE71B759DE68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F4C6D9E-87AB-4BEB-A9CF-EA767FC25437", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*", matchCriteriaId: "3F5C3A2C-12EA-4FAE-B088-665A90494685", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "96C73B83-E2B8-402A-BC4F-4044D16F6D2C", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*", matchCriteriaId: "EAFF1122-755A-4531-AA2E-FD6E8478F92F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5C95C785-5428-405C-A1DE-1E2202556178", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*", matchCriteriaId: "231547C3-33B8-42B7-983E-AA3C6CA5D107", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FB666972-E152-45A6-BF0F-2F442565A9A9", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*", matchCriteriaId: "CC3082ED-A564-494D-8427-B61F15F6DD88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9B39851C-29CA-4C74-8A3D-BA8AFB22D889", versionEndIncluding: "4.71", versionStartIncluding: "4.09", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*", matchCriteriaId: "F302801D-3720-4598-8458-A8938BD6CB46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1A4A4415-2061-4BB3-B8AF-F492B4935F5F", versionEndExcluding: "1.33", versionStartIncluding: "1.00", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:-:*:*:*:*:*:*", matchCriteriaId: "D43F6C03-E7EE-43B9-81B7-2B298134A591", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch1:*:*:*:*:*:*", matchCriteriaId: "8872BA61-9164-48EC-8D7B-C41FCE76F32C", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch2:*:*:*:*:*:*", matchCriteriaId: "83FD24D6-959A-41D1-B7A3-6D06205EA8C9", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch3:*:*:*:*:*:*", matchCriteriaId: "CB5660D2-3C80-42CF-B91C-61212B1EA351", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg300_firmware:1.33:patch4:*:*:*:*:*:*", matchCriteriaId: "E83EFC74-309F-42BF-A2B5-850184B4BF20", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nsg300:-:*:*:*:*:*:*:*", matchCriteriaId: "58B0886D-9AF4-453F-96DB-7ABAA5EE3B78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66EEF757-9B89-4D05-93DC-0B35CB5578AA", versionEndExcluding: "1.33", versionStartIncluding: "1.00", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:-:*:*:*:*:*:*", matchCriteriaId: "70DE2243-00D1-4C94-B53B-659F48BAFF08", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch1:*:*:*:*:*:*", matchCriteriaId: "E0722C8A-DACE-4FC8-8197-678CF4F6E0C9", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch2:*:*:*:*:*:*", matchCriteriaId: "3ED9A278-5B95-4607-B832-A2AB7FB8A9A6", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch3:*:*:*:*:*:*", matchCriteriaId: "DA5E8CF5-C7D8-4827-BE19-AC4EB7E66AC1", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg100_firmware:1.33:patch4:*:*:*:*:*:*", matchCriteriaId: "415A2C9A-005A-433D-A423-F5D9CA6C8A19", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nsg100:-:*:*:*:*:*:*:*", matchCriteriaId: "D6C5054F-BCC7-4E00-8786-24F85B2A200E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "734BB40E-9A07-4508-8C49-5A21072691B4", versionEndExcluding: "1.33", versionStartIncluding: "1.00", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:-:*:*:*:*:*:*", matchCriteriaId: "E549004C-F19F-4F2D-8522-849C008B2132", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch1:*:*:*:*:*:*", matchCriteriaId: "013AE5DA-537B-4198-A55C-17FD08F7CB9F", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch2:*:*:*:*:*:*", matchCriteriaId: "E0D0898D-A7C6-441B-A0C8-BA7B5B2E362F", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch3:*:*:*:*:*:*", matchCriteriaId: "D8E83137-D14D-4143-8D38-59787AAE36D3", vulnerable: true, }, { criteria: "cpe:2.3:o:zyxel:nsg50_firmware:1.33:patch4:*:*:*:*:*:*", matchCriteriaId: "00CB6F78-BA15-489E-BCD8-25CECB8FCBED", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nsg50:-:*:*:*:*:*:*:*", matchCriteriaId: "8B084120-41C6-4F3C-9803-9C178EB4DE91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nxc2500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "099AC2B1-7352-43EC-811A-89937FA1E2E3", versionEndIncluding: "6.10\\(aaig.3\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nxc2500:-:*:*:*:*:*:*:*", matchCriteriaId: "BADED427-DEFF-4213-836B-C8EF0531C39A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nxc5500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "012B7439-FDDB-464D-8D11-AAAF54E9F59A", versionEndIncluding: "6.10\\(aaos.3\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nxc5500:-:*:*:*:*:*:*:*", matchCriteriaId: "5A334B8B-8750-4519-B485-0AB0CECD212B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nap203_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00D41E43-D7BA-4927-9966-2847E12270E6", versionEndIncluding: "6.25\\(abfa.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nap203:-:*:*:*:*:*:*:*", matchCriteriaId: "80AE2CEA-90AC-421A-86BB-F404CDE7785D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nap303_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "93110B5F-CB02-4413-9588-35B47D7A5CE3", versionEndIncluding: "6.25\\(abex.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nap303:-:*:*:*:*:*:*:*", matchCriteriaId: "C4BF5D4C-DB8E-4077-BE78-C73AA203406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nap353_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C44494F9-1ADA-4A3D-8FBA-D0D97C3DACB5", versionEndIncluding: "6.25\\(abey.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nap353:-:*:*:*:*:*:*:*", matchCriteriaId: "3BCEC13E-3D1C-4B42-87F5-94FE1066C218", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A696580F-3993-4653-B48E-AAB7D1A2B7DC", versionEndIncluding: "6.25\\(abyw.5\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*", matchCriteriaId: "2806A3B3-8F13-4170-B284-8809E3502044", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E809B8FE-DBF8-4B7F-B33E-939750D08617", versionEndIncluding: "6.25\\(abzl.5\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*", matchCriteriaId: "B7440976-5CB4-40BE-95C2-98EF4B888109", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "554C9C1E-EE3C-4BD7-95CF-9748167EA691", versionEndIncluding: "6.27\\(accv.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*", matchCriteriaId: "3A903978-737E-4266-A670-BC94E32CAF96", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDFAECE0-C011-4488-89A8-249972CA0773", versionEndIncluding: "6.30\\(abtg.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", matchCriteriaId: "6A3F9232-F988-4428-9898-4F536123CE88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5DD8FF80-E4B1-4521-B2D3-B2B4B4049A14", versionEndIncluding: "6.30\\(abtd.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB129F9-64D8-43C2-9366-51EBDF419F5F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa1123-ac-hd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF0819A0-7616-467F-BF17-59302EADCA0C", versionEndIncluding: "6.25\\(abin.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa1123-ac-hd:-:*:*:*:*:*:*:*", matchCriteriaId: "27F719D3-0D19-4D92-9570-4B1A48AD5670", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa1123-ac-pro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "858A8B50-515B-4CD3-B07C-3633EE605CC9", versionEndIncluding: "6.25\\(abhd.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa1123-ac-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "9DC66B07-67FB-47F6-B54B-E40BE89F33A9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF0C532C-D263-4EDA-8127-0CE61A02353A", versionEndIncluding: "6.30\\(abvt.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*", matchCriteriaId: "36C13E7F-2186-4587-83E9-57B05A7147B7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa1302-ac_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A9DF9C2-7BD9-456D-8D27-DD6966A0B4AA", versionEndIncluding: "6.25\\(abku.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa1302-ac:-:*:*:*:*:*:*:*", matchCriteriaId: "EFA514BB-B688-4EBD-9530-F5112F7503F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nwa5123-ac-hd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7A775E4A-4672-494E-A5A4-D906180092FA", versionEndIncluding: "6.25\\(abim.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nwa5123-ac-hd:-:*:*:*:*:*:*:*", matchCriteriaId: "1808BC03-AE4E-4AB7-996D-89081808720B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "528A7200-2884-4849-82EC-516A6BAB9DD2", versionEndIncluding: "6.30\\(abwa.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*", matchCriteriaId: "1A1FD502-4F62-4C77-B3BC-E563B24F0067", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD646A37-5CE7-4B9D-9F9A-0443F5A35047", versionEndIncluding: "6.30\\(abvs.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*", matchCriteriaId: "7C024551-F08F-4152-940D-1CF8BCD79613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac5302d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EC5ABF47-C899-4C1B-AFFB-11F37B2CA1B2", versionEndIncluding: "6.10\\(abfh.10\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac5302d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "E4AA4FC1-E3E4-499F-B0C1-22B738DA4DA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac5302d-sv2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97843B29-E50B-4451-8583-9120A30908D4", versionEndIncluding: "6.25\\(abvz.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac5302d-sv2:-:*:*:*:*:*:*:*", matchCriteriaId: "A690501F-DC2D-4F90-ABC0-33B5F1279C36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6103d-i_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4DDC631C-0510-4E30-B896-B218ABE618AA", versionEndIncluding: "6.25\\(aaxh.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6103d-i:-:*:*:*:*:*:*:*", matchCriteriaId: "341DB051-7F01-4B36-BA15-EBC25FACB439", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6303d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0126F87D-14E9-402B-975A-FB11855D1E6C", versionEndIncluding: "6.25\\(abgl.6\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6303d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F08117-0BCE-4EA1-8DA7-1AC4EFF67E2F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6502d-e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C5701D95-35AC-489B-8348-E3AC32D1626D", versionEndIncluding: "6.25\\(aasd.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6502d-e:-:*:*:*:*:*:*:*", matchCriteriaId: "FD8842C8-FB0A-46F0-9BB4-CAC6334D1E51", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6502d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00AA8697-6B5D-439C-8E9A-B0B1EBDF1496", versionEndIncluding: "6.25\\(aase.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6502d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "DD108388-ABE5-4142-910F-C3C8B1C13617", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6503d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C7ADC5F9-B1CE-474A-958F-F6267507A5E1", versionEndIncluding: "6.25\\(aasf.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6503d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "4DFDF64A-17F5-4F05-8700-DCA36CCB6F2B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6553d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0A467110-CF4D-45CB-8855-EBA5D5985294", versionEndIncluding: "6.25\\(aasg.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6553d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "DD45FA01-D2BF-441A-8669-1190F79D206B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wac6552d-s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "978F6DD8-A04F-4DC0-8497-4F6454FA3235", versionEndIncluding: "6.25\\(abio.7\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wac6552d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "CD47738A-9001-4CC1-8FED-1D1CFC56F548", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F272586C-292F-409C-9BDB-D9D70C0C3D2A", versionEndIncluding: "6.30\\(abtf.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", matchCriteriaId: "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "86B43BD3-CA22-4D81-9281-78A3B23FAC60", versionEndIncluding: "6.30\\(abte.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", matchCriteriaId: "3518DA0A-2C7B-4979-A457-0826C921B0F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A26EEF52-DC36-4D5C-9E2F-25238615B2BC", versionEndIncluding: "6.30\\(abzd.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", matchCriteriaId: "DC74AAF9-5206-4CEB-9023-6CD4F38AA623", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AAF35E44-DC87-49EC-868A-C721CC4FFD3B", versionEndIncluding: "6.30\\(abrm.2\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", matchCriteriaId: "D784994E-E2CE-4328-B490-D9DC195A53DB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.", }, { lang: "es", value: "Se han identificado varios fallos de comprobación de entrada inadecuados en algunos comandos CLI de las Zyxel USG/ZyWALL versiones de firmware 4.09 hasta 4.71, USG FLEX series versiones de firmware 4.50 hasta 5.21, ATP series versiones de firmware 4.32 hasta 5.21, VPN series versiones de firmware 4.30 a 5.21, NSG series versiones de firmware1.00 hasta 1.33 Patch 4, NXC2500 versión de firmware 6.10(AAIG.3 ) y versiones anteriores, el firmware NAP203 versión 6.25(ABFA.7) y versiones anteriores, NWA50AX versión de firmware 6.25(ABYW.5) y versiones anteriores, WAC500 versión de firmware 6.30(ABVS.2) y versiones anteriores, WAX510D versión de firmware 6.30(ABTF.2) y versiones anteriores, que podría permitir a un atacante local autenticado causar un desbordamiento del búfer o un bloqueo del sistema por medio de una carga útil diseñada", }, ], id: "CVE-2022-26531", lastModified: "2024-11-21T06:54:07.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4.2, source: "security@zyxel.com.tw", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-24T06:15:09.297", references: [ { source: "security@zyxel.com.tw", url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", }, { source: "security@zyxel.com.tw", url: "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html", }, { source: "security@zyxel.com.tw", url: "http://seclists.org/fulldisclosure/2022/Jun/15", }, { source: "security@zyxel.com.tw", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2022/Jun/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", }, ], sourceIdentifier: "security@zyxel.com.tw", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security@zyxel.com.tw", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }