CVE-2022-30526
Zyxel Firewall SUID Binary Privilege Escalation
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
Se ha identificado una vulnerabilidad de escalada de privilegios en el comando CLI del firmware Zyxel USG FLEX 100(W) versiones 4.50 a 5.30, firmware USG FLEX 200 versiones 4.50 a 5.30, firmware USG FLEX 500 versiones 4.50 a 5.30, firmware USG FLEX 700 versiones 4.50 a 5.30, firmware USG FLEX 50(W) versiones 4.16 a 5. 30, firmware USG20(W)-VPN versiones 4.16 a 5.30, firmware de la serie ATP versiones 4.32 a 5.30, firmware de la serie VPN versiones 4.30 a 5.30, firmware de la serie USG/ZyWALL versiones 4.09 a 4.72, lo que podrĂa permitir a un atacante local ejecutar algunos comandos del sistema operativo con privilegios de root en algunos directorios de un dispositivo vulnerable.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-10 CVE Reserved
- 2022-07-19 CVE Published
- 2022-09-01 First Exploit
- 2023-07-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/greek0x0/CVE-2022-30526 | 2022-09-01 | |
| http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html | 2024-08-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zyxel Search vendor "Zyxel" | Usg Flex 100w Firmware Search vendor "Zyxel" for product "Usg Flex 100w Firmware" | >= 4.50 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 100w Firmware" and version " >= 4.50 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 100w Search vendor "Zyxel" for product "Usg Flex 100w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 200 Firmware Search vendor "Zyxel" for product "Usg Flex 200 Firmware" | >= 4.50 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 200 Firmware" and version " >= 4.50 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 200 Search vendor "Zyxel" for product "Usg Flex 200" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 500 Firmware Search vendor "Zyxel" for product "Usg Flex 500 Firmware" | >= 4.50 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 500 Firmware" and version " >= 4.50 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 500 Search vendor "Zyxel" for product "Usg Flex 500" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 700 Firmware Search vendor "Zyxel" for product "Usg Flex 700 Firmware" | >= 4.50 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 700 Firmware" and version " >= 4.50 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 700 Search vendor "Zyxel" for product "Usg Flex 700" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 50w Firmware Search vendor "Zyxel" for product "Usg Flex 50w Firmware" | >= 4.16 <= 5.30 Search vendor "Zyxel" for product "Usg Flex 50w Firmware" and version " >= 4.16 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 50w Search vendor "Zyxel" for product "Usg Flex 50w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg20w-vpn Firmware Search vendor "Zyxel" for product "Usg20w-vpn Firmware" | >= 4.16 <= 5.30 Search vendor "Zyxel" for product "Usg20w-vpn Firmware" and version " >= 4.16 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg20w-vpn Search vendor "Zyxel" for product "Usg20w-vpn" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp800 Firmware Search vendor "Zyxel" for product "Atp800 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp800 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp800 Search vendor "Zyxel" for product "Atp800" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp700 Firmware Search vendor "Zyxel" for product "Atp700 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp700 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp700 Search vendor "Zyxel" for product "Atp700" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp500 Firmware Search vendor "Zyxel" for product "Atp500 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp500 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp500 Search vendor "Zyxel" for product "Atp500" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp200 Firmware Search vendor "Zyxel" for product "Atp200 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp200 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp200 Search vendor "Zyxel" for product "Atp200" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp100w Firmware Search vendor "Zyxel" for product "Atp100w Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp100w Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp100w Search vendor "Zyxel" for product "Atp100w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp100 Firmware Search vendor "Zyxel" for product "Atp100 Firmware" | >= 4.32 <= 5.30 Search vendor "Zyxel" for product "Atp100 Firmware" and version " >= 4.32 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp100 Search vendor "Zyxel" for product "Atp100" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn1000 Firmware Search vendor "Zyxel" for product "Vpn1000 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Vpn1000 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn1000 Search vendor "Zyxel" for product "Vpn1000" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn300 Firmware Search vendor "Zyxel" for product "Vpn300 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Vpn300 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn300 Search vendor "Zyxel" for product "Vpn300" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn100 Firmware Search vendor "Zyxel" for product "Vpn100 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Vpn100 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn100 Search vendor "Zyxel" for product "Vpn100" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn50 Firmware Search vendor "Zyxel" for product "Vpn50 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Vpn50 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn50 Search vendor "Zyxel" for product "Vpn50" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg20-vpn Firmware Search vendor "Zyxel" for product "Usg20-vpn Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Usg20-vpn Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg20-vpn Search vendor "Zyxel" for product "Usg20-vpn" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg 2200-vpn Firmware Search vendor "Zyxel" for product "Usg 2200-vpn Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Usg 2200-vpn Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg 2200-vpn Search vendor "Zyxel" for product "Usg 2200-vpn" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Zywall 110 Firmware Search vendor "Zyxel" for product "Zywall 110 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Zywall 110 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Zywall 110 Search vendor "Zyxel" for product "Zywall 110" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Zywall 310 Firmware Search vendor "Zyxel" for product "Zywall 310 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Zywall 310 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Zywall 310 Search vendor "Zyxel" for product "Zywall 310" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Zywall 1100 Firmware Search vendor "Zyxel" for product "Zywall 1100 Firmware" | >= 4.30 <= 5.30 Search vendor "Zyxel" for product "Zywall 1100 Firmware" and version " >= 4.30 <= 5.30" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Zywall 1100 Search vendor "Zyxel" for product "Zywall 1100" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg40 Firmware Search vendor "Zyxel" for product "Usg40 Firmware" | >= 4.09 <= 4.72 Search vendor "Zyxel" for product "Usg40 Firmware" and version " >= 4.09 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg40 Search vendor "Zyxel" for product "Usg40" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg40w Firmware Search vendor "Zyxel" for product "Usg40w Firmware" | >= 4.09 <= 4.72 Search vendor "Zyxel" for product "Usg40w Firmware" and version " >= 4.09 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg40w Search vendor "Zyxel" for product "Usg40w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg60 Firmware Search vendor "Zyxel" for product "Usg60 Firmware" | >= 4.09 <= 4.72 Search vendor "Zyxel" for product "Usg60 Firmware" and version " >= 4.09 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg60 Search vendor "Zyxel" for product "Usg60" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg60w Firmware Search vendor "Zyxel" for product "Usg60w Firmware" | >= 4.09 <= 4.72 Search vendor "Zyxel" for product "Usg60w Firmware" and version " >= 4.09 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg60w Search vendor "Zyxel" for product "Usg60w" | - | - |
Safe
|