CWE: 78, 77

CVE-2022-26413: OS Command Injection

First published: Mon Apr 11 2022

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

Credit: security@zyxel.com.tw

| Affected Software | Affected Version |
|---|---|
| Zyxel VMG3312-T20A Firmware | = 5.30(abfx.5)c0 |
| Zyxel VMG3312-T20A Firmware | |
| Zyxel EMG3525-T50B Firmware | < 5.50(abpm.6)c0 |
| Zyxel EMG3525-T50B Firmware | |
| Zyxel EMG5523-T50B | < 5.50(abpm.6)c0 |
| Zyxel EMG5523-T50B Firmware | |
| Zyxel EMG5723-T50K | < 5.50(abom.7)c0 |
| Zyxel EMG5723-T50K Firmware | |
| Zyxel EMG6726-B10A | < 5.13(abnp.7)c0 |
| Zyxel EMG6726-B10A Firmware | |
| Zyxel VMG1312-T20B | < 5.50(absb.5)c0 |
| Zyxel VMG1312-T20B | |
| Zyxel VMG3625-T50B Firmware | < 5.50(abpm.6)c0 |
| Zyxel VMG3625-T50B Firmware | |
| Zyxel XMG3927-B50A | < 5.17(abmt.6)c0 |
| Zyxel XMG3927-B50A | |
| Zyxel VMG3927-B50B | < 5.13(ably.7)c0 |
| Zyxel VMG3927-B50B Firmware | |
| Zyxel VMG3927-B60A | < 5.17(abmt.6)c0 |
| Zyxel VMG3927-B60A Firmware | |
| Zyxel VMG3927-T50K | < 5.50(abom.7)c0 |
| Zyxel VMG3927-T50K Firmware | |
| Zyxel VMG4927-B50A Firmware | < 5.13(ably.7)c0 |
| Zyxel VMG4927-B50A Firmware | |
| Zyxel VMG8623-T50B | < 5.50(abpm.6)c0 |
| Zyxel VMG8623-T50B Firmware | |
| Zyxel XMG8825-B50A Firmware | < 5.17(abmt.6)c0 |
| Zyxel XMG8825-B50A Firmware | |
| Zyxel VMG8825-B50B | < 5.17(abny.7)c0 |
| Zyxel VMG8825-B50B | |
| Zyxel VMG8825-T50K | < 5.50(abom.7)c0 |
| Zyxel VMG8825-T50K Firmware | |
| Zyxel VMG8825-B60A | < 5.17(abmt.6)c0 |
| Zyxel VMG8825-B60A | |
| Zyxel VMG8825-B60B | < 5.17(abny.7)c0 |
| Zyxel VMG8825-B60B Firmware | |
| Zyxel DX5401-B0 | < 5.17(abyo.1)c0 |
| Zyxel DX5401-B0 Firmware | |
| Zyxel EX3510 Firmware | < 5.17(abup.4)c1 |
| Zyxel EX3510-B0 Firmware | |
| Zyxel EX5401-B0 | < 5.17(abyo.1)c0 |
| Zyxel EX5401-B0 | |
| Zyxel EX5501-B0 | < 5.17(abry.2)c0 |
| Zyxel EX5501-B0 | |
| Zyxel AX7501-B0 | < 5.17(abpc.1)c0 |
| Zyxel AX7501-B0 Firmware | |
| Zyxel EP240P | < 5.40(abh.0)c0 |
| Zyxel EP240P | |
| Zyxel PM7300-T0 Firmware | < 5.42(acbc.1)c0 |
| Zyxel PM7300-T0 Firmware | |
| Zyxel PMG5317-T20B | < 5.40(abki.4)c0 |
| Zyxel PMG5317-T20B Firmware | |
| Zyxel PMG5617GA | < 5.40(abna.2)c0 |
| Zyxel PMG5617GA Firmware | |
| Zyxel PMG5617-T20B2 | < 5.41(acbb.1)c0 |
| Zyxel PMG5617-T20B2 Firmware | |
| Zyxel PMG5622GA | < 5.40(abnb.2)c0 |
| Zyxel PMG5622GA Firmware | |
| Zyxel PX7501-B0 Firmware | < 5.17(abpc.1)c0 |
| Zyxel PX7501-B0 Firmware | |

Frequently Asked Questions

  • What is the severity of CVE-2022-26413?

    CVE-2022-26413 has a high severity rating due to its potential to allow local authenticated attackers to execute arbitrary OS commands.

  • How do I fix CVE-2022-26413?

    To fix CVE-2022-26413, it is recommended to update the Zyxel VMG3312-T20A firmware to a version that is not vulnerable.

  • What devices are affected by CVE-2022-26413?

    CVE-2022-26413 specifically affects Zyxel VMG3312-T20A devices running firmware version 5.30(ABFX.5)C0.

  • Can I exploit CVE-2022-26413 remotely?

    No, CVE-2022-26413 requires local authenticated access to exploit the vulnerability.

  • What types of attacks can be performed using CVE-2022-26413?

    CVE-2022-26413 allows attackers to execute arbitrary OS commands on the affected device, which could lead to further system compromise.
