Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-26413
HistoryApr 11, 2022 - 1:15 p.m.

CVE-2022-26413

2022-04-1113:15:07
CWE-78
[email protected]
web.nvd.nist.gov
336
zyxel
vmg3312-t20a
firmware
5.30(abfx.5)c0
command injection
vulnerability
lan interface
nvd
cve-2022-26413

7.7 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

Affected configurations

NVD
Node
zyxelvmg3312-t20aMatch-
AND
zyxelvmg3312-t20a_firmwareMatch5.30\(abfx.5\)c0
Node
zyxelemg3525-t50bMatch-
AND
zyxelemg3525-t50b_firmwareRange<5.50\(abpm.6\)c0america
OR
zyxelemg3525-t50b_firmwareRange<5.50\(abpm.6\)c0emea
Node
zyxelemg5523-t50bMatch-
AND
zyxelemg5523-t50b_firmwareRange<5.50\(abpm.6\)c0america
OR
zyxelemg5523-t50b_firmwareRange<5.50\(abpm.6\)c0emea
Node
zyxelemg5723-t50kMatch-
AND
zyxelemg5723-t50k_firmwareRange<5.50\(abom.7\)c0
Node
zyxelemg6726-b10aMatch-
AND
zyxelemg6726-b10a_firmwareRange<5.13\(abnp.7\)c0
Node
zyxelvmg1312-t20bMatch-
AND
zyxelvmg1312-t20b_firmwareRange<5.50\(absb.5\)c0
Node
zyxelvmg3625-t50bMatch-
AND
zyxelvmg3625-t50b_firmwareRange<5.50\(abpm.6\)c0
Node
zyxelvmg3927-b50aMatch-
AND
zyxelvmg3927-b50a_firmwareRange<5.17\(abmt.6\)c0
Node
zyxelvmg3927-b50b_firmwareRange<5.13\(ably.7\)c0
AND
zyxelvmg3927-b50bMatch-
Node
zyxelvmg3927-b60a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelvmg3927-b60aMatch-
Node
zyxelvmg3927-t50k_firmwareRange<5.50\(abom.7\)c0
AND
zyxelvmg3927-t50kMatch-
Node
zyxelvmg4927-b50a_firmwareRange<5.13\(ably.7\)c0
AND
zyxelvmg4927-b50aMatch-
Node
zyxelvmg8623-t50b_firmwareRange<5.50\(abpm.6\)c0
AND
zyxelvmg8623-t50bMatch-
Node
zyxelvmg8825-b50a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelvmg8825-b50aMatch-
Node
zyxelvmg8825-b50b_firmwareRange<5.17\(abny.7\)c0
AND
zyxelvmg8825-b50bMatch-
Node
zyxelvmg8825-t50k_firmwareRange<5.50\(abom.7\)c0
AND
zyxelvmg8825-t50kMatch-
Node
zyxelvmg8825-b60a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelvmg8825-b60aMatch-
Node
zyxelvmg8825-b60b_firmwareRange<5.17\(abny.7\)c0
AND
zyxelvmg8825-b60bMatch-
Node
zyxelxmg3927-b50a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelxmg3927-b50aMatch-
Node
zyxelxmg8825-b50a_firmwareRange<5.17\(abmt.6\)c0
AND
zyxelxmg8825-b50aMatch-
Node
zyxeldx5401-b0Match-
AND
zyxeldx5401-b0_firmwareRange<5.17\(abyo.1\)c0
Node
zyxelex3510-b0_firmwareRange<5.17\(abup.4\)c1
AND
zyxelex3510-b0Match-
Node
zyxelex5401-b0_firmwareRange<5.17\(abyo.1\)c0
AND
zyxelex5401-b0Match-
Node
zyxelex5501-b0_firmwareRange<5.17\(abry.2\)c0
AND
zyxelex5501-b0Match-
Node
zyxelax7501-b0_firmwareRange<5.17\(abpc.1\)c0
AND
zyxelax7501-b0Match-
Node
zyxelep240p_firmwareRange<5.40\(abh.0\)c0
AND
zyxelep240pMatch-
Node
zyxelpm7300-t0_firmwareRange<5.42\(acbc.1\)c0
AND
zyxelpm7300-t0Match-
Node
zyxelpmg5317-t20b_firmwareRange<5.40\(abki.4\)c0
AND
zyxelpmg5317-t20bMatch-
Node
zyxelpmg5617ga_firmwareRange<5.40\(abna.2\)c0
AND
zyxelpmg5617gaMatch-
Node
zyxelpmg5617-t20b2_firmwareRange<5.41\(acbb.1\)c0
AND
zyxelpmg5617-t20b2Match-
Node
zyxelpmg5622ga_firmwareRange<5.40\(abnb.2\)c0
AND
zyxelpmg5622gaMatch-
Node
zyxelpx7501-b0_firmwareRange<5.17\(abpc.1\)c0
AND
zyxelpx7501-b0Match-

CNA Affected

[
  {
    "product": "VMG3312-T20A firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V5.30(ABFX.5)C0"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
thn 1
cvelist
cvelist
CVE-2022-26413
2022-04-11 12:00:19
prion
prion
Command injection
2022-04-11 13:15:00
nvd
nvd
CVE-2022-26413
2022-04-11 13:15:07
thn
thn
Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability
2022-05-13 06:24:00

7.7 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for CVE-2022-26413
cvelist1prion1nvd1thn1