Multiple Zyxel devices command execution | CVE-2022-30525
NAME
Multiple Zyxel devices command execution
- Platforms Affected:
Zyxel USG FLEX series firmware ZLD 4.30
Zyxel USG FLEX series firmware ZLD 4.55
Zyxel USG FLEX series firmware 4.60
Zyxel USG FLEX 100(W) ZLD 5.00
Zyxel USG FLEX 200 ZLD 5.00
Zyxel USG FLEX 500 ZLD 5.00
Zyxel USG FLEX 700 ZLD 5.00
Zyxel USG FLEX 50(W) ZLD 5.10
Zyxel USG FLEX USG20(W)-VPN ZLD 5.10
Zyxel ATP series ZLD 5.10
Zyxel VPN series ZLD 5.10 - Risk Level:
9.8 - Exploitability:
Functional - Consequences:
Gain Access
DESCRIPTION
Multiple Zyxel devices could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the CGI program. By modifying specific files, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Zyxel Web site for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml - Reference Link:
https://packetstormsecurity.com/files/167182
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
