What is the severity of CVE-2022-0734?

CVE-2022-0734 has been classified as a high severity cross-site scripting vulnerability.

How do I fix CVE-2022-0734?

To fix CVE-2022-0734, you should update your Zyxel firmware to the latest version that addresses this vulnerability.

What versions of Zyxel firmware are affected by CVE-2022-0734?

CVE-2022-0734 affects Zyxel USG/ZyWALL firmware versions 4.35 to 4.70, USG FLEX versions 4.50 to 5.20, ATP firmware versions 4.35 to 5.20, and VPN firmware versions 4.35 to 5.20.

Is CVE-2022-0734 a remote exploit?

Yes, CVE-2022-0734 can potentially be exploited remotely via malicious web pages.

What devices are impacted by CVE-2022-0734 specifically?

Devices impacted by CVE-2022-0734 include Zyxel VPN, USG, ATP, and ZYWALL series products running the mentioned firmware versions.

Vulnerability/
CVE-2022-0734

medium

6.1

CWE

24/5/2022

2/8/2024

CVE-2022-0734: XSS

First published: Tue May 24 2022(Updated: )

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.

Credit: security@zyxel.com.tw

Affected Software	Affected Version	How to fix
Zyxel VPN100	>=4.35<=5.20
Zyxel VPN100 Firmware
Zyxel VPN1000 Firmware	>=4.35<=5.20
Zyxel VPN1000 Firmware
Zyxel Zywall VPN 300 Firmware	>=4.35<=5.20
Zyxel Zywall VPN300
Zyxel Zywall VPN 50 Firmware	>=4.35<=5.20
Zyxel VPN50 Firmware
Zyxel ZyWall ATP100 Firmware	>=4.35<=5.20
Zyxel ATP100 Firmware
Zyxel ATP100W Firmware	>=4.35<=5.20
Zyxel ATP100W Firmware
Zyxel ATP200 firmware	>=4.35<=5.20
Zyxel ATP200 firmware
Zyxel ATP500 Firmware	>=4.35<=5.20
Zyxel ATP500 Firmware
Zyxel Zywall ATP700 Firmware	>=4.35<=5.20
Zyxel ATP700 Firmware
Zyxel ATP800	>=4.35<=5.20
Zyxel ATP800 Firmware
Zyxel USG 110 Firmware	>=4.35<=4.70
Zyxel USG 110 Firmware
Zyxel USG1100 firmware	>=4.35<=4.70
Zyxel USG 1100 firmware
Zyxel USG1900 Firmware	>=4.35<=4.70
Zyxel USG1900
Zyxel USG 20W	>=4.35<=4.70
Zyxel USG20
Zyxel USG 20w-VPN Firmware	>=4.35<=4.70
Zyxel USG20
Zyxel USG2200-VPN Firmware	>=4.35<=4.70
Zyxel USG2200-VPN Firmware
Zyxel ZyWALL USG 310 firmware	>=4.35<=4.70
Zyxel USG 310 firmware
Zyxel USG40W Firmware	>=4.35<=4.70
Zyxel USG40W
Zyxel USG40W Firmware	>=4.35<=4.70
Zyxel USG40W
Zyxel USG60 Firmware	>=4.35<=4.70
Zyxel USG60W
Zyxel USG60W Firmware	>=4.35<=4.70
Zyxel USG 60w firmware
Zyxel USG Flex 100 firmware	>=4.50<=5.20
Zyxel USG FLEX 100
Zyxel USG FLEX 100w firmware	>=4.50<=5.20
Zyxel USG FLEX 100w firmware
Zyxel USG FLEX 200	>=4.50<=5.20
Zyxel USG FLEX 200 firmware
Zyxel USG FLEX 500	>=4.50<=5.20
Zyxel USG FLEX 500 firmware
Zyxel USG FLEX firmware	>=4.50<=5.20
Zyxel USG FLEX 700 firmware
Zyxel USG200 Firmware	>=4.35<=4.70
Zyxel USG200 Firmware
Zyxel USG20-VPN Firmware	>=4.35<=4.70
Zyxel USG20 Firmware
Zyxel USG210 Firmware	>=4.35<=4.70
Zyxel USG210 Firmware
Zyxel USG2200 Firmware	>=4.35<=4.70
Zyxel USG2200-VPN
Zyxel USG300 Firmware	>=4.35<=4.70
Zyxel USG300 Firmware
Zyxel USG 310 firmware	>=4.35<=4.70
Zyxel USG 310

Never miss a vulnerability like this again

Reference Links

https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml

Frequently Asked Questions

What is the severity of CVE-2022-0734?
CVE-2022-0734 has been classified as a high severity cross-site scripting vulnerability.
How do I fix CVE-2022-0734?
To fix CVE-2022-0734, you should update your Zyxel firmware to the latest version that addresses this vulnerability.
What versions of Zyxel firmware are affected by CVE-2022-0734?
CVE-2022-0734 affects Zyxel USG/ZyWALL firmware versions 4.35 to 4.70, USG FLEX versions 4.50 to 5.20, ATP firmware versions 4.35 to 5.20, and VPN firmware versions 4.35 to 5.20.
Is CVE-2022-0734 a remote exploit?
Yes, CVE-2022-0734 can potentially be exploited remotely via malicious web pages.
What devices are impacted by CVE-2022-0734 specifically?
Devices impacted by CVE-2022-0734 include Zyxel VPN, USG, ATP, and ZYWALL series products running the mentioned firmware versions.

agent/type
agent/weakness
agent/author
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/zyxel
canonical/zyxel vpn100
version/zyxel vpn100/4.35
version/zyxel vpn100/5.20
canonical/zyxel vpn100 firmware
canonical/zyxel vpn1000 firmware
version/zyxel vpn1000 firmware/4.35
version/zyxel vpn1000 firmware/5.20
canonical/zyxel zywall vpn 300 firmware
version/zyxel zywall vpn 300 firmware/4.35
version/zyxel zywall vpn 300 firmware/5.20
canonical/zyxel zywall vpn300
canonical/zyxel zywall vpn 50 firmware
version/zyxel zywall vpn 50 firmware/4.35
version/zyxel zywall vpn 50 firmware/5.20
canonical/zyxel vpn50 firmware
canonical/zyxel zywall atp100 firmware
version/zyxel zywall atp100 firmware/4.35
version/zyxel zywall atp100 firmware/5.20
canonical/zyxel atp100 firmware
canonical/zyxel atp100w firmware
version/zyxel atp100w firmware/4.35
version/zyxel atp100w firmware/5.20
canonical/zyxel atp200 firmware
version/zyxel atp200 firmware/4.35
version/zyxel atp200 firmware/5.20
canonical/zyxel atp500 firmware
version/zyxel atp500 firmware/4.35
version/zyxel atp500 firmware/5.20
canonical/zyxel zywall atp700 firmware
version/zyxel zywall atp700 firmware/4.35
version/zyxel zywall atp700 firmware/5.20
canonical/zyxel atp700 firmware
canonical/zyxel atp800
version/zyxel atp800/4.35
version/zyxel atp800/5.20
canonical/zyxel atp800 firmware
canonical/zyxel usg 110 firmware
version/zyxel usg 110 firmware/4.35
version/zyxel usg 110 firmware/4.70
canonical/zyxel usg1100 firmware
version/zyxel usg1100 firmware/4.35
version/zyxel usg1100 firmware/4.70
canonical/zyxel usg 1100 firmware
canonical/zyxel usg1900 firmware
version/zyxel usg1900 firmware/4.35
version/zyxel usg1900 firmware/4.70
canonical/zyxel usg1900
canonical/zyxel usg 20w
version/zyxel usg 20w/4.35
version/zyxel usg 20w/4.70
canonical/zyxel usg20
canonical/zyxel usg 20w-vpn firmware
version/zyxel usg 20w-vpn firmware/4.35
version/zyxel usg 20w-vpn firmware/4.70
canonical/zyxel usg2200-vpn firmware
version/zyxel usg2200-vpn firmware/4.35
version/zyxel usg2200-vpn firmware/4.70
canonical/zyxel zywall usg 310 firmware
version/zyxel zywall usg 310 firmware/4.35
version/zyxel zywall usg 310 firmware/4.70
canonical/zyxel usg 310 firmware
canonical/zyxel usg40w firmware
version/zyxel usg40w firmware/4.35
version/zyxel usg40w firmware/4.70
canonical/zyxel usg40w
canonical/zyxel usg60 firmware
version/zyxel usg60 firmware/4.35
version/zyxel usg60 firmware/4.70
canonical/zyxel usg60w
canonical/zyxel usg60w firmware
version/zyxel usg60w firmware/4.35
version/zyxel usg60w firmware/4.70
canonical/zyxel usg 60w firmware
canonical/zyxel usg flex 100 firmware
version/zyxel usg flex 100 firmware/4.50
version/zyxel usg flex 100 firmware/5.20
canonical/zyxel usg flex 100
canonical/zyxel usg flex 100w firmware
version/zyxel usg flex 100w firmware/4.50
version/zyxel usg flex 100w firmware/5.20
canonical/zyxel usg flex 200
version/zyxel usg flex 200/4.50
version/zyxel usg flex 200/5.20
canonical/zyxel usg flex 200 firmware
canonical/zyxel usg flex 500
version/zyxel usg flex 500/4.50
version/zyxel usg flex 500/5.20
canonical/zyxel usg flex 500 firmware
canonical/zyxel usg flex firmware
version/zyxel usg flex firmware/4.50
version/zyxel usg flex firmware/5.20
canonical/zyxel usg flex 700 firmware
canonical/zyxel usg200 firmware
version/zyxel usg200 firmware/4.35
version/zyxel usg200 firmware/4.70
canonical/zyxel usg20-vpn firmware
version/zyxel usg20-vpn firmware/4.35
version/zyxel usg20-vpn firmware/4.70
canonical/zyxel usg20 firmware
canonical/zyxel usg210 firmware
version/zyxel usg210 firmware/4.35
version/zyxel usg210 firmware/4.70
canonical/zyxel usg2200 firmware
version/zyxel usg2200 firmware/4.35
version/zyxel usg2200 firmware/4.70
canonical/zyxel usg2200-vpn
canonical/zyxel usg300 firmware
version/zyxel usg300 firmware/4.35
version/zyxel usg300 firmware/4.70
version/zyxel usg 310 firmware/4.35
version/zyxel usg 310 firmware/4.70
canonical/zyxel usg 310