Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-0342
HistoryMar 28, 2022 - 1:15 p.m.

CVE-2022-0342

2022-03-2813:15:07
CWE-287
[email protected]
web.nvd.nist.gov
96
6
cve-2022-0342
zyxel
authentication bypass
vulnerability
firmware
cgi program
usg
zywall
atp
vpn
nsg
nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

JSON

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

Affected configurations

NVD
Node
zyxelusg40_firmwareRange4.204.71
AND
zyxelusg40Match-
Node
zyxelusg40w_firmwareRange4.204.71
AND
zyxelusg40wMatch-
Node
zyxelusg60_firmwareRange4.204.71
AND
zyxelusg60Match-
Node
zyxelusg60w_firmwareRange4.204.71
AND
zyxelusg60wMatch-
Node
zyxelzywall_110_firmwareRange4.204.71
AND
zyxelzywall_110Match-
Node
zyxelzywall_310_firmwareRange4.204.71
AND
zyxelzywall_310Match-
Node
zyxelzywall_1100_firmwareRange4.204.71
AND
zyxelzywall_1100Match-
Node
zyxelusg_flex_100_firmwareRange4.505.20
AND
zyxelusg_flex_100Match-
Node
zyxelusg_flex_200_firmwareRange4.505.20
AND
zyxelusg_flex_200Match-
Node
zyxelusg_flex_500Match-
AND
zyxelusg_flex_500_firmwareRange4.505.20
Node
zyxelusg_flex_100wMatch-
AND
zyxelusg_flex_100w_firmwareRange4.505.20
Node
zyxelusg_flex_700_firmwareRange4.505.20
AND
zyxelusg_flex_700Match-
Node
zyxelatp100_firmwareRange4.325.20
AND
zyxelatp100Match-
Node
zyxelatp100w_firmwareRange4.325.20
AND
zyxelatp100wMatch-
Node
zyxelatp200_firmwareRange4.325.20
AND
zyxelatp200Match-
Node
zyxelatp500_firmwareRange4.325.20
AND
zyxelatp500Match-
Node
zyxelatp700_firmwareRange4.325.20
AND
zyxelatp700Match-
Node
zyxelatp800Match-
AND
zyxelatp800_firmwareRange4.325.20
Node
zyxelvpn50Match-
AND
zyxelvpn50_firmwareRange4.305.21
Node
zyxelvpn100Match-
AND
zyxelvpn100_firmwareRange4.305.21
Node
zyxelvpn300Match-
AND
zyxelvpn300_firmwareRange4.305.21
Node
zyxelvpn1000Match-
AND
zyxelvpn1000_firmwareRange4.305.21
Node
zyxelnsg300Match-
AND
zyxelnsg300_firmwareRange1.201.33
OR
zyxelnsg300_firmwareMatch1.33-
OR
zyxelnsg300_firmwareMatch1.33p4

CNA Affected

[
  {
    "product": "USG/ZyWALL series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.20 through 4.70"
      }
    ]
  },
  {
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.20"
      }
    ]
  },
  {
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.32 through 5.20"
      }
    ]
  },
  {
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.30 through 5.20"
      }
    ]
  },
  {
    "product": "NSG series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "1.20 through 1.33 Patch 4"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
nuclei 1
nvd 1
prion 1
hivepro 2
malwarebytes 1
thn 1
cvelist
cvelist
CVE-2022-0342
2022-03-28 12:05:11
nuclei
nuclei
Zyxel - Authentication Bypass
2023-08-18 03:22:06
nvd
nvd
CVE-2022-0342
2022-03-28 13:15:07
prion
prion
Authentication flaw
2022-03-28 13:15:00
hivepro
hivepro
Authentication Bypass Vulnerability in Zyxel Firmware
2022-04-02 00:44:28
Weekly Threat Digest: 28 March – 3 April 2022
2022-04-05 10:11:43
malwarebytes
malwarebytes
Update now! Zyxel patches critical firewall bypass vulnerability
2022-04-04 10:22:29
thn
thn
Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices
2022-04-01 06:02:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

JSON
Related for CVE-2022-0342
cvelist1nuclei1nvd1prion1hivepro2malwarebytes1thn1