CVE-2022-2030
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
Se identificó una vulnerabilidad de salto de directorio causada por secuencias de caracteres específicas dentro de una URL saneada inapropiadamente en algunos programas CGI de las versiones 4.50 a 5.30 del firmware Zyxel USG FLEX 100(W), versiones 4.50 a 5.30 del firmware USG FLEX 200, versiones 4.50 a 5.30 del firmware USG FLEX 500, versiones 4.50 a 5.30 del firmware USG FLEX 700. 30, firmware USG FLEX 50(W) versiones 4.16 a 5.30, firmware USG20(W)-VPN versiones 4.16 a 5.30, firmware de la serie ATP versiones 4.32 a 5.30, firmware de la serie VPN versiones 4.30 a 5.30, firmware de la serie USG/ZyWALL versiones 4.11 a 4.72, que podría permitir a un atacante autenticado acceder a algunos archivos restringidos en un dispositivo vulnerable.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-08 CVE Reserved
- 2022-07-19 CVE Published
- 2024-02-09 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zyxel Search vendor "Zyxel" | Usg Flex 100w Firmware Search vendor "Zyxel" for product "Usg Flex 100w Firmware" | >= 4.50 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 100w Firmware" and version " >= 4.50 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 100w Search vendor "Zyxel" for product "Usg Flex 100w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 200 Firmware Search vendor "Zyxel" for product "Usg Flex 200 Firmware" | >= 4.50 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 200 Firmware" and version " >= 4.50 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 200 Search vendor "Zyxel" for product "Usg Flex 200" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 500 Firmware Search vendor "Zyxel" for product "Usg Flex 500 Firmware" | >= 4.50 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 500 Firmware" and version " >= 4.50 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 500 Search vendor "Zyxel" for product "Usg Flex 500" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 700 Firmware Search vendor "Zyxel" for product "Usg Flex 700 Firmware" | >= 4.50 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 700 Firmware" and version " >= 4.50 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 700 Search vendor "Zyxel" for product "Usg Flex 700" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 50w Firmware Search vendor "Zyxel" for product "Usg Flex 50w Firmware" | >= 4.20 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 50w Firmware" and version " >= 4.20 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 50w Search vendor "Zyxel" for product "Usg Flex 50w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg20w-vpn Firmware Search vendor "Zyxel" for product "Usg20w-vpn Firmware" | >= 4.20 <= 5.30 Search vendor "Zyxel" for product "Usg20w-vpn Firmware" and version " >= 4.20 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg20w-vpn Search vendor "Zyxel" for product "Usg20w-vpn" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp800 Firmware Search vendor "Zyxel" for product "Atp800 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp800 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp800 Search vendor "Zyxel" for product "Atp800" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp700 Firmware Search vendor "Zyxel" for product "Atp700 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp700 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp700 Search vendor "Zyxel" for product "Atp700" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp500 Firmware Search vendor "Zyxel" for product "Atp500 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp500 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp500 Search vendor "Zyxel" for product "Atp500" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp200 Firmware Search vendor "Zyxel" for product "Atp200 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp200 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp200 Search vendor "Zyxel" for product "Atp200" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp100w Firmware Search vendor "Zyxel" for product "Atp100w Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp100w Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp100w Search vendor "Zyxel" for product "Atp100w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp100 Firmware Search vendor "Zyxel" for product "Atp100 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp100 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp100 Search vendor "Zyxel" for product "Atp100" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn1000 Firmware Search vendor "Zyxel" for product "Vpn1000 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Vpn1000 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn1000 Search vendor "Zyxel" for product "Vpn1000" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn300 Firmware Search vendor "Zyxel" for product "Vpn300 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Vpn300 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn300 Search vendor "Zyxel" for product "Vpn300" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn100 Firmware Search vendor "Zyxel" for product "Vpn100 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Vpn100 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn100 Search vendor "Zyxel" for product "Vpn100" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn50 Firmware Search vendor "Zyxel" for product "Vpn50 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Vpn50 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn50 Search vendor "Zyxel" for product "Vpn50" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg20-vpn Firmware Search vendor "Zyxel" for product "Usg20-vpn Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Usg20-vpn Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg20-vpn Search vendor "Zyxel" for product "Usg20-vpn" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg 2200-vpn Firmware Search vendor "Zyxel" for product "Usg 2200-vpn Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Usg 2200-vpn Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg 2200-vpn Search vendor "Zyxel" for product "Usg 2200-vpn" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Zywall 110 Firmware Search vendor "Zyxel" for product "Zywall 110 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Zywall 110 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Zywall 110 Search vendor "Zyxel" for product "Zywall 110" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Zywall 310 Firmware Search vendor "Zyxel" for product "Zywall 310 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Zywall 310 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Zywall 310 Search vendor "Zyxel" for product "Zywall 310" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Zywall 1100 Firmware Search vendor "Zyxel" for product "Zywall 1100 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Zywall 1100 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Zywall 1100 Search vendor "Zyxel" for product "Zywall 1100" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg40 Firmware Search vendor "Zyxel" for product "Usg40 Firmware" | >= 4.20 <= 4.72 Search vendor "Zyxel" for product "Usg40 Firmware" and version " >= 4.20 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg40 Search vendor "Zyxel" for product "Usg40" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg40w Firmware Search vendor "Zyxel" for product "Usg40w Firmware" | >= 4.20 <= 4.72 Search vendor "Zyxel" for product "Usg40w Firmware" and version " >= 4.20 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg40w Search vendor "Zyxel" for product "Usg40w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg60 Firmware Search vendor "Zyxel" for product "Usg60 Firmware" | >= 4.20 <= 4.72 Search vendor "Zyxel" for product "Usg60 Firmware" and version " >= 4.20 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg60 Search vendor "Zyxel" for product "Usg60" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg60w Firmware Search vendor "Zyxel" for product "Usg60w Firmware" | >= 4.20 <= 4.72 Search vendor "Zyxel" for product "Usg60w Firmware" and version " >= 4.20 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg60w Search vendor "Zyxel" for product "Usg60w" | - | - |
Safe
|