First published: Thu May 12 2022(Updated: )
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
Credit: security@zyxel.com.tw security@zyxel.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel Usg Flex 100w Firmware | >=5.00<5.30 | |
Zyxel Usg Flex 100w | ||
Zyxel Usg Flex 200 Firmware | >=5.00<5.30 | |
Zyxel Usg Flex 200 | ||
Zyxel Usg Flex 500 Firmware | >=5.00<=5.30 | |
Zyxel Usg Flex 500 | ||
Zyxel Usg Flex 700 Firmware | >=5.00<5.30 | |
Zyxel Usg Flex 700 | ||
Zyxel Vpn100 Firmware | >=4.60<5.30 | |
Zyxel Vpn100 | ||
Zyxel Multiple Network-Attached Storage (NAS) Devices | >=4.60<5.30 | |
Zyxel Multiple Network-Attached Storage (NAS) Devices | ||
Zyxel Vpn300 Firmware | >=4.60<5.30 | |
Zyxel Vpn300 | ||
Zyxel Vpn50 Firmware | >=4.60<5.30 | |
Zyxel Vpn50 | ||
Zyxel Multiple Network-Attached Storage (NAS) Devices | >=5.10<5.30 | |
Zyxel Multiple Network-Attached Storage (NAS) Devices | ||
Zyxel Atp100w Firmware | >=5.10<5.30 | |
Zyxel Atp100w | ||
Zyxel Atp200 Firmware | >=5.10<5.30 | |
Zyxel ATP200 | ||
Zyxel Atp500 Firmware | >=5.10<5.30 | |
Zyxel Atp500 | ||
Zyxel Atp700 Firmware | >=5.10<5.30 | |
Zyxel Atp700 | ||
Zyxel Atp800 Firmware | >=5.10<5.30 | |
Zyxel Atp800 | ||
Zyxel Usg Flex 50w Firmware | >=5.10<5.30 | |
Zyxel Usg Flex 50w | ||
Zyxel Usg20w-vpn Firmware | >=5.10<5.30 | |
Zyxel Usg20w-vpn | ||
Zyxel Multiple Firewalls | ||
All of | ||
Zyxel Usg Flex 100w Firmware | >=5.00<5.30 | |
Zyxel Usg Flex 100w | ||
All of | ||
Zyxel Usg Flex 200 Firmware | >=5.00<5.30 | |
Zyxel Usg Flex 200 | ||
All of | ||
Zyxel Usg Flex 500 Firmware | >=5.00<=5.30 | |
Zyxel Usg Flex 500 | ||
All of | ||
Zyxel Usg Flex 700 Firmware | >=5.00<5.30 | |
Zyxel Usg Flex 700 | ||
All of | ||
Zyxel Vpn100 Firmware | >=4.60<5.30 | |
Zyxel Vpn100 | ||
All of | ||
Zyxel Vpn1000 Firmware | >=4.60<5.30 | |
Zyxel Vpn1000 | ||
All of | ||
Zyxel Vpn300 Firmware | >=4.60<5.30 | |
Zyxel Vpn300 | ||
All of | ||
Zyxel Vpn50 Firmware | >=4.60<5.30 | |
Zyxel Vpn50 | ||
All of | ||
Zyxel Atp100 Firmware | >=5.10<5.30 | |
Zyxel Atp100 | ||
All of | ||
Zyxel Atp100w Firmware | >=5.10<5.30 | |
Zyxel Atp100w | ||
All of | ||
Zyxel Atp200 Firmware | >=5.10<5.30 | |
Zyxel ATP200 | ||
All of | ||
Zyxel Atp500 Firmware | >=5.10<5.30 | |
Zyxel Atp500 | ||
All of | ||
Zyxel Atp700 Firmware | >=5.10<5.30 | |
Zyxel Atp700 | ||
All of | ||
Zyxel Atp800 Firmware | >=5.10<5.30 | |
Zyxel Atp800 | ||
All of | ||
Zyxel Usg Flex 50w Firmware | >=5.10<5.30 | |
Zyxel Usg Flex 50w | ||
All of | ||
Zyxel Usg20w-vpn Firmware | >=5.10<5.30 | |
Zyxel Usg20w-vpn |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-30525 is critical with a CVSS score of 9.8.
CVE-2022-30525 affects Zyxel Multiple Firewalls by allowing OS command injection.
Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1 are affected by CVE-2022-30525.
To fix CVE-2022-30525, users should update their Zyxel firewalls to firmware versions 5.21 Patch 2 or higher.
More information about CVE-2022-30525 can be found at the following references: <ul><li><a href='http://packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html'>Packet Storm Security</a></li><li><a href='http://packetstormsecurity.com/files/167182/Zyxel-Firewall-ZTP-Unauthenticated-Command-Injection.html'>Packet Storm Security</a></li><li><a href='http://packetstormsecurity.com/files/167372/Zyxel-USG-FLEX-5.21-Command-Injection.html'>Packet Storm Security</a></li></ul>