CVSS: 7.8EPSS: 5%CPEs: 145EXPL: 1CVE-2022-26532 – Zyxel Buffer Overflow / Format String / Command Injection
https://notcve.org/view.php?id=CVE-2022-26532
24 May 2022 — A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versi... • https://packetstorm.news/files/id/167464 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 1%CPEs: 145EXPL: 2CVE-2022-26531 – Zyxel zysh Format String Proof of Concept
https://notcve.org/view.php?id=CVE-2022-26531
24 May 2022 — Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earl... • https://packetstorm.news/files/id/177036 • CWE-20: Improper Input Validation •