Share:

CVE-2022-26413

Critical 8.0

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

Published April 11, 2022.

Affected software

Zyxel Vmg8825-b60b Firmware

Zyxel Vmg3312-t20a Firmware

Zyxel Pmg5617ga Firmware

Zyxel Pmg5617-t20b2 Firmware

Zyxel Vmg3625-t50b Firmware

Zyxel Emg5723-t50k Firmware

Zyxel Emg5523-t50b Firmware

Zyxel Xmg8825-b50a Firmware

Zyxel Ex5401-b0 Firmware

Zyxel Emg6726-b10a Firmware

Zyxel Vmg3927-b50a Firmware

Zyxel Emg3525-t50b Firmware

Zyxel Ax7501-b0 Firmware

Zyxel Pm7300-t0 Firmware

Zyxel Vmg3927-b50b Firmware

Zyxel Vmg8623-t50b Firmware

Zyxel Ep240p Firmware

Zyxel Vmg1312-t20b Firmware

Zyxel Ex3510-b0 Firmware

Zyxel Pmg5317-t20b Firmware

Zyxel Px7501-b0 Firmware

Zyxel Vmg8825-b50b Firmware

Zyxel Vmg3927-b60a Firmware

Zyxel Xmg3927-b50a Firmware

Zyxel Vmg8825-b60a Firmware

Zyxel Vmg3927-t50k Firmware

Zyxel Pmg5622ga Firmware

Zyxel Dx5401-b0 Firmware

Zyxel Vmg8825-b50a Firmware

Zyxel Ex5501-b0 Firmware

Zyxel Vmg4927-b50a Firmware

Zyxel Vmg8825-t50k Firmware

Get alerts for Zyxel Vmg8825-b60b Firmware

Reference links

https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml