CVE-2022-0910
https://notcve.org/view.php?id=CVE-2022-0910
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. Se ha detectado una vulnerabilidad en el programa CGI de Zyxel USG/ZyWALL versiones de firmware 4.32 hasta 4.71, USG FLEX series versiones de firmware 4.50 hasta 5.21, ATP series versiones de firmware 4.32 hasta 5.21, y VPN series versiones de firmware 4.32 hasta 5.21, que podría permitir a un atacante autenticado omitir la segunda fase de autenticación para conectarse al servidor VPN IPsec aunque la autenticación de dos factores (2FA) estuviera habilitada • https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml • CWE-287: Improper Authentication •
CVE-2022-0734
https://notcve.org/view.php?id=CVE-2022-0734
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. Se identificó una vulnerabilidad de tipo cross-site scripting en el programa CGI de Zyxel USG/ZyWALL series versiones de firmware 4.35 hasta 4.70 , USG FLEX series versiones de firmware 4.50 hasta 5.20, ATP series versiones de firmware 4.35 hasta 5.20 y VPN series versiones de firmware 4.35 hasta 5.20, que podría permitir a un atacante obtener alguna información almacenada en el navegador del usuario, como cookies o tokens de sesión, por medio de un script malicioso • https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-26531 – Zyxel zysh Format String Proof Of Concept
https://notcve.org/view.php?id=CVE-2022-26531
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. Se han identificado varios fallos de comprobación de entrada inadecuados en algunos comandos CLI de las Zyxel USG/ZyWALL versiones de firmware 4.09 hasta 4.71, USG FLEX series versiones de firmware 4.50 hasta 5.21, ATP series versiones de firmware 4.32 hasta 5.21, VPN series versiones de firmware 4.30 a 5.21, NSG series versiones de firmware1.00 hasta 1.33 Patch 4, NXC2500 versión de firmware 6.10(AAIG.3 ) y versiones anteriores, el firmware NAP203 versión 6.25(ABFA.7) y versiones anteriores, NWA50AX versión de firmware 6.25(ABYW.5) y versiones anteriores, WAC500 versión de firmware 6.30(ABVS.2) y versiones anteriores, WAX510D versión de firmware 6.30(ABTF.2) y versiones anteriores, que podría permitir a un atacante local autenticado causar un desbordamiento del búfer o un bloqueo del sistema por medio de una carga útil diseñada Zyxel firewalls, AP controllers, and APs suffer from buffer overflow, format string, and command injection vulnerabilities. • http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html http://seclists.org/fulldisclosure/2022/Jun/15 https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml • CWE-20: Improper Input Validation •