Lucene search

ZyxelCVE-2022-2030

HistoryJul 19, 2022 - 6:15 a.m.

CVE-2022-2030

2022-07-1906:15:08

CWE-22

Zyxel

web.nvd.nist.gov

cve

2022

2030

directory traversal

vulnerability

zyxel

usg flex

cgi

firmware

security

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

28.7%

JSON

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.

Affected configurations

Nvd

Node

zyxelusg_flex_100wMatch-

AND

zyxelusg_flex_100w_firmwareRange4.50–5.30

Node

zyxelusg_flex_200Match-

AND

zyxelusg_flex_200_firmwareRange4.50–5.30

Node

zyxelusg_flex_500Match-

AND

zyxelusg_flex_500_firmwareRange4.50–5.30

Node

zyxelusg_flex_700Match-

AND

zyxelusg_flex_700_firmwareRange4.50–5.30

Node

zyxelusg_flex_50wMatch-

AND

zyxelusg_flex_50w_firmwareRange4.20–5.30

Node

zyxelusg20w-vpnMatch-

AND

zyxelusg20w-vpn_firmwareRange4.20–5.30

Node

zyxelatp800Match-

AND

zyxelatp800_firmwareRange4.32–5.30

Node

zyxelatp700Match-

AND

zyxelatp700_firmwareRange4.32–5.30

Node

zyxelatp500_firmwareRange4.32–5.30

AND

zyxelatp500Match-

Node

zyxelatp200_firmwareRange4.32–5.30

AND

zyxelatp200Match-

Node

zyxelatp100w_firmwareRange4.32–5.30

AND

zyxelatp100wMatch-

Node

zyxelatp100_firmwareRange4.32–5.30

AND

zyxelatp100Match-

Node

zyxelvpn1000_firmwareRange4.30–5.30

AND

zyxelvpn1000Match-

Node

zyxelvpn300_firmwareRange4.30–5.30

AND

zyxelvpn300Match-

Node

zyxelvpn100_firmwareRange4.30–5.30

AND

zyxelvpn100Match-

Node

zyxelvpn50_firmwareRange4.30–5.30

AND

zyxelvpn50Match-

Node

zyxelusg20-vpn_firmwareRange4.30–5.30

AND

zyxelusg20-vpnMatch-

Node

zyxelusg_2200-vpn_firmwareRange4.30–5.30

AND

zyxelusg_2200-vpnMatch-

Node

zyxelzywall_110_firmwareRange4.30–5.30

AND

zyxelzywall_110Match-

Node

zyxelzywall_310_firmwareRange4.30–5.30

AND

zyxelzywall_310Match-

Node

zyxelzywall_1100_firmwareRange4.30–5.30

AND

zyxelzywall_1100Match-

Node

zyxelusg40_firmwareRange4.20–4.72

AND

zyxelusg40Match-

Node

zyxelusg40w_firmwareRange4.20–4.72

AND

zyxelusg40wMatch-

Node

zyxelusg60_firmwareRange4.20–4.72

AND

zyxelusg60Match-

Node

zyxelusg60w_firmwareRange4.20–4.72

AND

zyxelusg60wMatch-

VendorProductVersionCPE
zyxelusg_flex_100w-cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*
zyxelusg_flex_100w_firmware*cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
zyxelusg_flex_200-cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*
zyxelusg_flex_200_firmware*cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
zyxelusg_flex_500-cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*
zyxelusg_flex_500_firmware*cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*
zyxelusg_flex_700-cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*
zyxelusg_flex_700_firmware*cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*
zyxelusg_flex_50w-cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*
zyxelusg_flex_50w_firmware*cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zyxel	usg_flex_100w	-	cpe:2.3:h:zyxel:usg_flex_100w:-:::::::*
zyxel	usg_flex_100w_firmware	*	cpe:2.3:o:zyxel:usg_flex_100w_firmware::::::::
zyxel	usg_flex_200	-	cpe:2.3:h:zyxel:usg_flex_200:-:::::::*
zyxel	usg_flex_200_firmware	*	cpe:2.3:o:zyxel:usg_flex_200_firmware::::::::
zyxel	usg_flex_500	-	cpe:2.3:h:zyxel:usg_flex_500:-:::::::*
zyxel	usg_flex_500_firmware	*	cpe:2.3:o:zyxel:usg_flex_500_firmware::::::::
zyxel	usg_flex_700	-	cpe:2.3:h:zyxel:usg_flex_700:-:::::::*
zyxel	usg_flex_700_firmware	*	cpe:2.3:o:zyxel:usg_flex_700_firmware::::::::
zyxel	usg_flex_50w	-	cpe:2.3:h:zyxel:usg_flex_50w:-:::::::*
zyxel	usg_flex_50w_firmware	*	cpe:2.3:o:zyxel:usg_flex_50w_firmware::::::::

Rows per page:

1-10 of 501

CNA Affected

[
  {
    "product": "USG FLEX 100(W) firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.30"
      }
    ]
  },
  {
    "product": "USG FLEX 200 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.30"
      }
    ]
  },
  {
    "product": "USG FLEX 500 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.30"
      }
    ]
  },
  {
    "product": "USG FLEX 700 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.30"
      }
    ]
  },
  {
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.32 through 5.30"
      }
    ]
  },
  {
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.30 through 5.30"
      }
    ]
  },
  {
    "product": "USG FLEX 50(W) firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.30"
      }
    ]
  },
  {
    "product": "USG 20(W)-VPN firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.30"
      }
    ]
  },
  {
    "product": "USG/ZyWALL series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.11 through 4.72"
      }
    ]
  }
]

References

www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml

Social References

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

28.7%

JSON

Related for CVE-2022-2030