CVSS: 7.8EPSS: 0%CPEs: 145EXPL: 0CVE-2022-26531 – Zyxel zysh Format String Proof Of Concept
https://notcve.org/view.php?id=CVE-2022-26531
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. Se han identificado varios fallos de comprobación de entrada inadecuados en algunos comandos CLI de las Zyxel USG/ZyWALL versiones de firmware 4.09 hasta 4.71, USG FLEX series versiones de firmware 4.50 hasta 5.21, ATP series versiones de firmware 4.32 hasta 5.21, VPN series versiones de firmware 4.30 a 5.21, NSG series versiones de firmware1.00 hasta 1.33 Patch 4, NXC2500 versión de firmware 6.10(AAIG.3 ) y versiones anteriores, el firmware NAP203 versión 6.25(ABFA.7) y versiones anteriores, NWA50AX versión de firmware 6.25(ABYW.5) y versiones anteriores, WAC500 versión de firmware 6.30(ABVS.2) y versiones anteriores, WAX510D versión de firmware 6.30(ABTF.2) y versiones anteriores, que podría permitir a un atacante local autenticado causar un desbordamiento del búfer o un bloqueo del sistema por medio de una carga útil diseñada Zyxel firewalls, AP controllers, and APs suffer from buffer overflow, format string, and command injection vulnerabilities. • http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html http://seclists.org/fulldisclosure/2022/Jun/15 https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 97%CPEs: 32EXPL: 15CVE-2022-30525 – Zyxel Multiple Firewalls OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. Una vulnerabilidad de inyección de comandos del Sistema Operativo en el programa CGI del firmware Zyxel USG FLEX 100(W) versiones 5.00 hasta 5.21 Parche 1, firmware USG FLEX 200 versiones 5.00 hasta 5.21 Parche 1, firmware USG FLEX 500 versiones 5.00 hasta 5.21 Parche 1, firmware USG FLEX 700 versiones 5.00 hasta 5.21 Parche 1, firmware USG FLEX 50(W) versiones 5. 10 hasta 5.21 Parche 1, firmware USG20(W)-VPN versiones 5.10 hasta 5.21 Parche 1, firmware de la serie ATP versiones 5.10 hasta 5.21 Parche 1, firmware de la serie VPN versiones 4.60 hasta 5.21 Parche 1, lo que podría permitir a un atacante modificar archivos específicos y luego ejecutar algunos comandos del Sistema Operativo en un dispositivo vulnerable Zyxel USG FLEX version 5.21 suffers from a command injection vulnerability. A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. • https://github.com/jbaines-r7/victorian_machinery https://www.exploit-db.com/exploits/50946 https://github.com/shuai06/CVE-2022-30525 https://github.com/west9b/CVE-2022-30525 https://github.com/Henry4E36/CVE-2022-30525 https://github.com/savior-only/CVE-2022-30525 https://github.com/k0sf/CVE-2022-30525 https://github.com/Chocapikk/CVE-2022-30525-Reverse-Shell https://github.com/ProngedFork/CVE-2022-30525 https://github.com/superzerosec/CVE-2022-30525 https://github. • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 6%CPEs: 48EXPL: 0CVE-2022-0342
https://notcve.org/view.php?id=CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. Una vulnerabilidad de omisión de autenticación en el programa CGI de USG/ZyWALL de Zyxel versiones de firmware de las series 4.20 a 4.70, las versiones de firmware de la serie USG FLEX 4.50 a 5.20, las versiones de firmware de la serie ATP 4.32 a 5.20, las versiones de firmware de la serie VPN 4.30 a 5.20 y las versiones de firmware de la serie NSG V1.20 a V1.33 Parche 4, que podría permitir a un atacante omitir la autenticación web y obtener acceso administrativo al dispositivo • https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 74EXPL: 0CVE-2021-35029
https://notcve.org/view.php?id=CVE-2021-35029
An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. Una vulnerabilidad de omisión de la autenticación en la interfaz de administración basada en web de Zyxel USG/Zywall series versiones de firmware 4.35 hasta 4.64 y USG Flex, ATP, y VPN versiones de firmware 4.35 hasta 5.01, que podría permitir a un atacante remoto ejecutar comandos arbitrarios en un dispositivo afectado • https://www.zyxel.com/support/Zyxel_security_advisory_for_attacks_against_security_appliances.shtml • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-29299
https://notcve.org/view.php?id=CVE-2020-29299
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. Determinados productos Zyxel permiten una inyección de comandos por un administrador por medio de una cadena de entrada a la función chg_exp_pwd durante una acción de cambio de contraseña. Esto afecta a VPN local anterior a ZLD versión V4.39 week38, VPN Orchestrator anterior a SD-OS versión V10.03 week32, USG anterior a ZLD versión V4.39 week38, USG FLEX anterior a ZLD versión V4.55 week38, ATP anterior a ZLD versión V4.55 week38, y NSG anterior a versión 1.33 parche 4 • https://www.zyxel.com/support/Zyxel-security-advisory-for-command-injection-vulnerability-of-firewalls.shtml https://www.zyxel.com/us/en/support/security_advisories.shtml • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •