CVE-2022-26532

Published: 24/05/2022 Updated: 19/06/2022

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 up to and including 4.71, USG FLEX series firmware versions 4.50 up to and including 5.21, ATP series firmware versions 4.32 up to and including 5.21, VPN series firmware versions 4.30 up to and including 5.21, NSG series firmware versions 1.00 up to and including 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and previous versions versions, NAP203 firmware version 6.25(ABFA.7) and previous versions versions, NWA50AX firmware version 6.25(ABYW.5) and previous versions versions, WAC500 firmware version 6.30(ABVS.2) and previous versions versions, and WAX510D firmware version 6.30(ABTF.2) and previous versions versions, that could allow a local authenticated malicious user to execute arbitrary OS commands by including crafted arguments to the CLI command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zyxel vpn100 firmware
zyxel vpn1000 firmware
zyxel vpn300 firmware
zyxel vpn50 firmware
zyxel atp100 firmware
zyxel atp100w firmware
zyxel atp200 firmware
zyxel atp500 firmware
zyxel atp700 firmware
zyxel atp800 firmware
zyxel usg 110 firmware
zyxel usg 1100 firmware
zyxel usg 1900 firmware
zyxel usg 20w firmware
zyxel usg 20w-vpn firmware
zyxel usg 2200-vpn firmware
zyxel usg 310 firmware
zyxel usg 40 firmware
zyxel usg 40w firmware
zyxel usg 60 firmware
zyxel usg 60w firmware
zyxel usg flex 100 firmware
zyxel usg flex 100w firmware
zyxel usg flex 200 firmware
zyxel usg flex 500 firmware
zyxel usg flex 700 firmware
zyxel usg200 firmware
zyxel usg20 firmware
zyxel usg210 firmware
zyxel usg2200 firmware
zyxel usg300 firmware
zyxel usg310 firmware
zyxel nsg300 firmware
zyxel nsg300 firmware 1.33
zyxel nsg100 firmware
zyxel nsg100 firmware 1.33
zyxel nsg50 firmware
zyxel nsg50 firmware 1.33
zyxel nxc2500 firmware
zyxel nxc5500 firmware
zyxel nap203 firmware
zyxel nap303 firmware
zyxel nap353 firmware
zyxel nwa50ax firmware
zyxel nwa55axe firmware
zyxel nwa90ax firmware
zyxel nwa110ax firmware
zyxel nwa210ax firmware
zyxel nwa1123-ac-hd firmware
zyxel nwa1123-ac-pro firmware
zyxel nwa1123acv3 firmware
zyxel nwa1302-ac firmware
zyxel nwa5123-ac-hd firmware
zyxel wac500h firmware
zyxel wac500 firmware
zyxel wac5302d-s firmware
zyxel wac5302d-sv2 firmware
zyxel wac6103d-i firmware
zyxel wac6303d-s firmware
zyxel wac6502d-e firmware
zyxel wac6502d-s firmware
zyxel wac6503d-s firmware
zyxel wac6553d-s firmware
zyxel wac6552d-s firmware
zyxel wax510d firmware
zyxel wax610d firmware
zyxel wax630s firmware
zyxel wax650s firmware

Zyxel firewalls, AP controllers, and APs suffer from buffer overflow, format string, and command injection vulnerabilities ...

CWE-78 https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml http://seclists.org/fulldisclosure/2022/Jun/15 http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html https://nvd.nist.gov https://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html

CVE-2022-26532

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect