CVE-2022-26413: OS Command Injection
First published: Mon Apr 11 2022(Updated: )
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel VMG3312-T20A firmware | =5.30\(abfx.5\)c0 | |
| Zyxel VMG3312-T20A firmware | ||
| Zyxel EMG3525-T50B Firmware | <5.50\(abpm.6\)c0 | |
| Zyxel EMG3525-T50B Firmware | <5.50\(abpm.6\)c0 | |
| Zyxel EMG3525-T50B Firmware | ||
| Zyxel EMG5523-T50B | <5.50\(abpm.6\)c0 | |
| Zyxel EMG5523-T50B | <5.50\(abpm.6\)c0 | |
| Zyxel EMG5523-T50B Firmware | ||
| Zyxel EMG5723-T50K | <5.50\(abom.7\)c0 | |
| Zyxel EMG5723-T50K Firmware | ||
| Zyxel EMG6726-B10A | <5.13\(abnp.7\)c0 | |
| Zyxel EMG6726-B10A Firmware | ||
| Zyxel VMG1312-T20B | <5.50\(absb.5\)c0 | |
| Zyxel VMG1312-T20B | ||
| Zyxel VMG3625-T50B Firmware | <5.50\(abpm.6\)c0 | |
| Zyxel VMG3625-T50B firmware | ||
| Zyxel XMG3927-B50A | <5.17\(abmt.6\)c0 | |
| Zyxel XMG3927-B50A | ||
| Zyxel VMG3927-B50B | <5.13\(ably.7\)c0 | |
| Zyxel VMG3927-B50B Firmware | ||
| Zyxel VMG3927-B60A | <5.17\(abmt.6\)c0 | |
| Zyxel VMG3927-B60A Firmware | ||
| Zyxel VMG3927-T50K | <5.50\(abom.7\)c0 | |
| Zyxel VMG3927-T50K Firmware | ||
| Zyxel VMG4927-B50A Firmware | <5.13\(ably.7\)c0 | |
| Zyxel VMG4927-B50A Firmware | ||
| Zyxel VMG8623-T50B | <5.50\(abpm.6\)c0 | |
| Zyxel VMG8623-T50B Firmware | ||
| Zyxel Xmg8825-b50a Firmware | <5.17\(abmt.6\)c0 | |
| Zyxel XMG8825-B50A Firmware | ||
| Zyxel VMG8825-B50B | <5.17\(abny.7\)c0 | |
| Zyxel VMG8825-B50B | ||
| Zyxel VMG8825-T50K | <5.50\(abom.7\)c0 | |
| Zyxel VMG8825-T50K firmware | ||
| Zyxel Vmg8825-B60A | <5.17\(abmt.6\)c0 | |
| Zyxel VMG8825-B60A | ||
| Zyxel VMG8825-B60B | <5.17\(abny.7\)c0 | |
| Zyxel VMG8825-B60B Firmware | ||
| Zyxel XMG3927-B50A | <5.17\(abmt.6\)c0 | |
| Zyxel XMG3927-B50A | ||
| Zyxel XMG8825-B50A Firmware | <5.17\(abmt.6\)c0 | |
| Zyxel XMG8825-B50A Firmware | ||
| Zyxel DX5401-B0 | <5.17\(abyo.1\)c0 | |
| Zyxel DX5401-B0 firmware | ||
| Zyxel Ex3510 Firmware | <5.17\(abup.4\)c1 | |
| Zyxel Ex3510-B0 Firmware | ||
| Zyxel Ex5401-B0 | <5.17\(abyo.1\)c0 | |
| Zyxel Ex5401-B0 | ||
| Zyxel Ex5501-b0 | <5.17\(abry.2\)c0 | |
| Zyxel EX5501-B0 | ||
| Zyxel AX7501-B0 | <5.17\(abpc.1\)c0 | |
| Zyxel AX7501-B0 firmware | ||
| Zyxel EP240P | <5.40\(abh.0\)c0 | |
| Zyxel EP240P | ||
| Zyxel PM7300-T0 Firmware | <5.42\(acbc.1\)c0 | |
| Zyxel Pm7300-t0 Firmware | ||
| Zyxel PMG5317-T20B | <5.40\(abki.4\)c0 | |
| Zyxel PMG5317-T20B Firmware | ||
| Zyxel PMG5617GA | <5.40\(abna.2\)c0 | |
| Zyxel PMG5617GA Firmware | ||
| Zyxel PMG5617-T20B2 | <5.41\(acbb.1\)c0 | |
| Zyxel PMG5617-T20B2 Firmware | ||
| Zyxel PMG5622GA | <5.40\(abnb.2\)c0 | |
| Zyxel PMG5622GA Firmware | ||
| Zyxel Px7501-B0 Firmware | <5.17\(abpc.1\)c0 | |
| Zyxel Px7501-B0 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-26413?
CVE-2022-26413 has a high severity rating due to its potential to allow local authenticated attackers to execute arbitrary OS commands.
How do I fix CVE-2022-26413?
To fix CVE-2022-26413, it is recommended to update the Zyxel VMG3312-T20A firmware to a version that is not vulnerable.
What devices are affected by CVE-2022-26413?
CVE-2022-26413 specifically affects Zyxel VMG3312-T20A devices running firmware version 5.30(ABFX.5)C0.
Can I exploit CVE-2022-26413 remotely?
No, CVE-2022-26413 requires local authenticated access to exploit the vulnerability.
What types of attacks can be performed using CVE-2022-26413?
CVE-2022-26413 allows attackers to execute arbitrary OS commands on the affected device, which could lead to further system compromise.
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zyxel
- canonical/zyxel vmg3312-t20a firmware
- version/zyxel vmg3312-t20a firmware/5.30\(abfx.5\)c0
- canonical/zyxel emg3525-t50b firmware
- canonical/zyxel emg5523-t50b
- canonical/zyxel emg5523-t50b firmware
- canonical/zyxel emg5723-t50k
- canonical/zyxel emg5723-t50k firmware
- canonical/zyxel emg6726-b10a
- canonical/zyxel emg6726-b10a firmware
- canonical/zyxel vmg1312-t20b
- canonical/zyxel vmg3625-t50b firmware
- canonical/zyxel xmg3927-b50a
- canonical/zyxel vmg3927-b50b
- canonical/zyxel vmg3927-b50b firmware
- canonical/zyxel vmg3927-b60a
- canonical/zyxel vmg3927-b60a firmware
- canonical/zyxel vmg3927-t50k
- canonical/zyxel vmg3927-t50k firmware
- canonical/zyxel vmg4927-b50a firmware
- canonical/zyxel vmg8623-t50b
- canonical/zyxel vmg8623-t50b firmware
- canonical/zyxel xmg8825-b50a firmware
- canonical/zyxel vmg8825-b50b
- canonical/zyxel vmg8825-t50k
- canonical/zyxel vmg8825-t50k firmware
- canonical/zyxel vmg8825-b60a
- canonical/zyxel vmg8825-b60b
- canonical/zyxel vmg8825-b60b firmware
- canonical/zyxel dx5401-b0
- canonical/zyxel dx5401-b0 firmware
- canonical/zyxel ex3510 firmware
- canonical/zyxel ex3510-b0 firmware
- canonical/zyxel ex5401-b0
- canonical/zyxel ex5501-b0
- canonical/zyxel ax7501-b0
- canonical/zyxel ax7501-b0 firmware
- canonical/zyxel ep240p
- canonical/zyxel pm7300-t0 firmware
- canonical/zyxel pmg5317-t20b
- canonical/zyxel pmg5317-t20b firmware
- canonical/zyxel pmg5617ga
- canonical/zyxel pmg5617ga firmware
- canonical/zyxel pmg5617-t20b2
- canonical/zyxel pmg5617-t20b2 firmware
- canonical/zyxel pmg5622ga
- canonical/zyxel pmg5622ga firmware
- canonical/zyxel px7501-b0 firmware