CVE-2022-0734

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.

Se identificó una vulnerabilidad de tipo cross-site scripting en el programa CGI de Zyxel USG/ZyWALL series versiones de firmware 4.35 hasta 4.70 , USG FLEX series versiones de firmware 4.50 hasta 5.20, ATP series versiones de firmware 4.35 hasta 5.20 y VPN series versiones de firmware 4.35 hasta 5.20, que podría permitir a un atacante obtener alguna información almacenada en el navegador del usuario, como cookies o tokens de sesión, por medio de un script malicioso

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-02-23 CVE Reserved
2022-05-24 CVE Published
2023-12-14 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml	2022-06-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zyxel Search vendor "Zyxel"	Vpn100 Firmware Search vendor "Zyxel" for product "Vpn100 Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Vpn100 Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Vpn100 Search vendor "Zyxel" for product "Vpn100"	-	-	Safe
Zyxel Search vendor "Zyxel"	Vpn1000 Firmware Search vendor "Zyxel" for product "Vpn1000 Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Vpn1000 Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Vpn1000 Search vendor "Zyxel" for product "Vpn1000"	-	-	Safe
Zyxel Search vendor "Zyxel"	Vpn300 Firmware Search vendor "Zyxel" for product "Vpn300 Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Vpn300 Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Vpn300 Search vendor "Zyxel" for product "Vpn300"	-	-	Safe
Zyxel Search vendor "Zyxel"	Vpn50 Firmware Search vendor "Zyxel" for product "Vpn50 Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Vpn50 Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Vpn50 Search vendor "Zyxel" for product "Vpn50"	-	-	Safe
Zyxel Search vendor "Zyxel"	Atp100 Firmware Search vendor "Zyxel" for product "Atp100 Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Atp100 Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Atp100 Search vendor "Zyxel" for product "Atp100"	-	-	Safe
Zyxel Search vendor "Zyxel"	Atp100w Firmware Search vendor "Zyxel" for product "Atp100w Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Atp100w Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Atp100w Search vendor "Zyxel" for product "Atp100w"	-	-	Safe
Zyxel Search vendor "Zyxel"	Atp200 Firmware Search vendor "Zyxel" for product "Atp200 Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Atp200 Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Atp200 Search vendor "Zyxel" for product "Atp200"	-	-	Safe
Zyxel Search vendor "Zyxel"	Atp500 Firmware Search vendor "Zyxel" for product "Atp500 Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Atp500 Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Atp500 Search vendor "Zyxel" for product "Atp500"	-	-	Safe
Zyxel Search vendor "Zyxel"	Atp700 Firmware Search vendor "Zyxel" for product "Atp700 Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Atp700 Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Atp700 Search vendor "Zyxel" for product "Atp700"	-	-	Safe
Zyxel Search vendor "Zyxel"	Atp800 Firmware Search vendor "Zyxel" for product "Atp800 Firmware"	>= 4.35 <= 5.20 Search vendor "Zyxel" for product "Atp800 Firmware" and version " >= 4.35 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Atp800 Search vendor "Zyxel" for product "Atp800"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 110 Firmware Search vendor "Zyxel" for product "Usg 110 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 110 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 110 Search vendor "Zyxel" for product "Usg 110"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 1100 Firmware Search vendor "Zyxel" for product "Usg 1100 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 1100 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 1100 Search vendor "Zyxel" for product "Usg 1100"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 1900 Firmware Search vendor "Zyxel" for product "Usg 1900 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 1900 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 1900 Search vendor "Zyxel" for product "Usg 1900"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 20w Firmware Search vendor "Zyxel" for product "Usg 20w Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 20w Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 20w Search vendor "Zyxel" for product "Usg 20w"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 20w-vpn Firmware Search vendor "Zyxel" for product "Usg 20w-vpn Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 20w-vpn Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 20w-vpn Search vendor "Zyxel" for product "Usg 20w-vpn"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 2200-vpn Firmware Search vendor "Zyxel" for product "Usg 2200-vpn Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 2200-vpn Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 2200-vpn Search vendor "Zyxel" for product "Usg 2200-vpn"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 310 Firmware Search vendor "Zyxel" for product "Usg 310 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 310 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 310 Search vendor "Zyxel" for product "Usg 310"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 40 Firmware Search vendor "Zyxel" for product "Usg 40 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 40 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 40 Search vendor "Zyxel" for product "Usg 40"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 40w Firmware Search vendor "Zyxel" for product "Usg 40w Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 40w Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 40w Search vendor "Zyxel" for product "Usg 40w"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 60 Firmware Search vendor "Zyxel" for product "Usg 60 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 60 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 60 Search vendor "Zyxel" for product "Usg 60"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg 60w Firmware Search vendor "Zyxel" for product "Usg 60w Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg 60w Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg 60w Search vendor "Zyxel" for product "Usg 60w"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 100 Firmware Search vendor "Zyxel" for product "Usg Flex 100 Firmware"	>= 4.50 <= 5.20 Search vendor "Zyxel" for product "Usg Flex 100 Firmware" and version " >= 4.50 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 100 Search vendor "Zyxel" for product "Usg Flex 100"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 100w Firmware Search vendor "Zyxel" for product "Usg Flex 100w Firmware"	>= 4.50 <= 5.20 Search vendor "Zyxel" for product "Usg Flex 100w Firmware" and version " >= 4.50 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 100w Search vendor "Zyxel" for product "Usg Flex 100w"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 200 Firmware Search vendor "Zyxel" for product "Usg Flex 200 Firmware"	>= 4.50 <= 5.20 Search vendor "Zyxel" for product "Usg Flex 200 Firmware" and version " >= 4.50 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 200 Search vendor "Zyxel" for product "Usg Flex 200"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 500 Firmware Search vendor "Zyxel" for product "Usg Flex 500 Firmware"	>= 4.50 <= 5.20 Search vendor "Zyxel" for product "Usg Flex 500 Firmware" and version " >= 4.50 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 500 Search vendor "Zyxel" for product "Usg Flex 500"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg Flex 700 Firmware Search vendor "Zyxel" for product "Usg Flex 700 Firmware"	>= 4.50 <= 5.20 Search vendor "Zyxel" for product "Usg Flex 700 Firmware" and version " >= 4.50 <= 5.20"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg Flex 700 Search vendor "Zyxel" for product "Usg Flex 700"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg200 Firmware Search vendor "Zyxel" for product "Usg200 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg200 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg200 Search vendor "Zyxel" for product "Usg200"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg20 Firmware Search vendor "Zyxel" for product "Usg20 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg20 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg20 Search vendor "Zyxel" for product "Usg20"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg210 Firmware Search vendor "Zyxel" for product "Usg210 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg210 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg210 Search vendor "Zyxel" for product "Usg210"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg2200 Firmware Search vendor "Zyxel" for product "Usg2200 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg2200 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg2200 Search vendor "Zyxel" for product "Usg2200"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg300 Firmware Search vendor "Zyxel" for product "Usg300 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg300 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg300 Search vendor "Zyxel" for product "Usg300"	-	-	Safe
Zyxel Search vendor "Zyxel"	Usg310 Firmware Search vendor "Zyxel" for product "Usg310 Firmware"	>= 4.35 <= 4.70 Search vendor "Zyxel" for product "Usg310 Firmware" and version " >= 4.35 <= 4.70"	-	Affected	in	Zyxel Search vendor "Zyxel"	Usg310 Search vendor "Zyxel" for product "Usg310"	-	-	Safe