CVE-2022-40603
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser.
Una vulnerabilidad de Cross-Site Scripting (XSS) en el programa CGI de las versiones de firmware de la serie Zyxel ZyWALL/USG 4.30 a 4.72, versiones de firmware de la serie VPN 4.30 a 5.31, versiones de firmware de la serie USG FLEX 4.50 a 5.31 y versiones de firmware de la serie ATP 4.32 a 5.31. , lo que podría permitir a un atacante engañar a un usuario para que visite una URL manipulada con el payload XSS. Luego, el atacante podría obtener acceso a cierta información basada en el navegador si el script malicioso se ejecuta en el navegador de la víctima.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-09-12 CVE Reserved
- 2022-12-06 CVE Published
- 2024-06-28 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zyxel Search vendor "Zyxel" | Atp800 Firmware Search vendor "Zyxel" for product "Atp800 Firmware" | >= 4.32 <= 5.31 Search vendor "Zyxel" for product "Atp800 Firmware" and version " >= 4.32 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp800 Search vendor "Zyxel" for product "Atp800" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp700 Firmware Search vendor "Zyxel" for product "Atp700 Firmware" | >= 4.32 <= 5.31 Search vendor "Zyxel" for product "Atp700 Firmware" and version " >= 4.32 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp700 Search vendor "Zyxel" for product "Atp700" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp500 Firmware Search vendor "Zyxel" for product "Atp500 Firmware" | >= 4.32 <= 5.31 Search vendor "Zyxel" for product "Atp500 Firmware" and version " >= 4.32 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp500 Search vendor "Zyxel" for product "Atp500" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp200 Firmware Search vendor "Zyxel" for product "Atp200 Firmware" | >= 4.32 <= 5.31 Search vendor "Zyxel" for product "Atp200 Firmware" and version " >= 4.32 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp200 Search vendor "Zyxel" for product "Atp200" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp100 Firmware Search vendor "Zyxel" for product "Atp100 Firmware" | >= 4.32 <= 5.31 Search vendor "Zyxel" for product "Atp100 Firmware" and version " >= 4.32 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp100 Search vendor "Zyxel" for product "Atp100" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Atp100w Firmware Search vendor "Zyxel" for product "Atp100w Firmware" | >= 4.32 <= 5.31 Search vendor "Zyxel" for product "Atp100w Firmware" and version " >= 4.32 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Atp100w Search vendor "Zyxel" for product "Atp100w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 100w Firmware Search vendor "Zyxel" for product "Usg Flex 100w Firmware" | >= 4.50 <= 5.31 Search vendor "Zyxel" for product "Usg Flex 100w Firmware" and version " >= 4.50 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 100w Search vendor "Zyxel" for product "Usg Flex 100w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 200 Firmware Search vendor "Zyxel" for product "Usg Flex 200 Firmware" | >= 4.50 <= 5.31 Search vendor "Zyxel" for product "Usg Flex 200 Firmware" and version " >= 4.50 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 200 Search vendor "Zyxel" for product "Usg Flex 200" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 500 Firmware Search vendor "Zyxel" for product "Usg Flex 500 Firmware" | >= 4.50 <= 5.31 Search vendor "Zyxel" for product "Usg Flex 500 Firmware" and version " >= 4.50 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 500 Search vendor "Zyxel" for product "Usg Flex 500" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 700 Firmware Search vendor "Zyxel" for product "Usg Flex 700 Firmware" | >= 4.50 <= 5.31 Search vendor "Zyxel" for product "Usg Flex 700 Firmware" and version " >= 4.50 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 700 Search vendor "Zyxel" for product "Usg Flex 700" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg Flex 50w Firmware Search vendor "Zyxel" for product "Usg Flex 50w Firmware" | >= 4.50 <= 5.31 Search vendor "Zyxel" for product "Usg Flex 50w Firmware" and version " >= 4.50 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg Flex 50w Search vendor "Zyxel" for product "Usg Flex 50w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn1000 Firmware Search vendor "Zyxel" for product "Vpn1000 Firmware" | >= 4.30 <= 5.31 Search vendor "Zyxel" for product "Vpn1000 Firmware" and version " >= 4.30 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn1000 Search vendor "Zyxel" for product "Vpn1000" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn300 Firmware Search vendor "Zyxel" for product "Vpn300 Firmware" | >= 4.30 <= 5.31 Search vendor "Zyxel" for product "Vpn300 Firmware" and version " >= 4.30 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn300 Search vendor "Zyxel" for product "Vpn300" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn100 Firmware Search vendor "Zyxel" for product "Vpn100 Firmware" | >= 4.30 <= 5.31 Search vendor "Zyxel" for product "Vpn100 Firmware" and version " >= 4.30 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn100 Search vendor "Zyxel" for product "Vpn100" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Vpn50 Firmware Search vendor "Zyxel" for product "Vpn50 Firmware" | >= 4.30 <= 5.31 Search vendor "Zyxel" for product "Vpn50 Firmware" and version " >= 4.30 <= 5.31" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Vpn50 Search vendor "Zyxel" for product "Vpn50" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg40 Firmware Search vendor "Zyxel" for product "Usg40 Firmware" | >= 4.30 <= 4.72 Search vendor "Zyxel" for product "Usg40 Firmware" and version " >= 4.30 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg40 Search vendor "Zyxel" for product "Usg40" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg40w Firmware Search vendor "Zyxel" for product "Usg40w Firmware" | >= 4.30 <= 4.72 Search vendor "Zyxel" for product "Usg40w Firmware" and version " >= 4.30 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg40w Search vendor "Zyxel" for product "Usg40w" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg60 Firmware Search vendor "Zyxel" for product "Usg60 Firmware" | >= 4.30 <= 4.72 Search vendor "Zyxel" for product "Usg60 Firmware" and version " >= 4.30 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg60 Search vendor "Zyxel" for product "Usg60" | - | - |
Safe
|
| Zyxel Search vendor "Zyxel" | Usg60w Firmware Search vendor "Zyxel" for product "Usg60w Firmware" | >= 4.30 <= 4.72 Search vendor "Zyxel" for product "Usg60w Firmware" and version " >= 4.30 <= 4.72" | - |
Affected
| in | Zyxel Search vendor "Zyxel" | Usg60w Search vendor "Zyxel" for product "Usg60w" | - | - |
Safe
|