CVE-2022-30525

Published: 12/05/2022 Updated: 23/05/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 up to and including 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 up to and including 5.21 Patch 1, ATP series firmware versions 5.10 up to and including 5.21 Patch 1, and VPN series firmware versions 4.60 up to and including 5.21 Patch 1, which could allow a malicious user to modify specific files and then execute some OS commands on a vulnerable device.

Vulnerable Products

zyxel usg_flex_100w_firmware

zyxel usg_flex_200_firmware

zyxel usg_flex_500_firmware

zyxel usg_flex_700_firmware

zyxel vpn100_firmware

zyxel vpn1000_firmware

zyxel vpn300_firmware

zyxel vpn50_firmware

zyxel atp100_firmware

zyxel atp100w_firmware

zyxel atp200_firmware

zyxel atp500_firmware

zyxel atp700_firmware

zyxel atp800_firmware

zyxel usg_flex_50w_firmware

zyxel usg20w-vpn_firmware

Mailing Lists

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution ...

Github Repositories

Victorian Machinery Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewalls that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. The following models are known to be affected: USG FLEX 100, 100W, 200, 500, 700 AT

cve-2022-30525 Initial POC for the CVE-2022-30525

CVE-2022-30525 Proof-of-concept exploit for CVE-2022-30525 (Zyxel firewall command injection)

CVE-2022-30525-Zyxel-Mass-Exploiter Zyxel multithreaded Mass Exploitation tool compatible with URL/IP lists

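CVE-2022-30525 Zyxel firewall unauthenticated remote command injection. update -proxy From github.com/Henry4E36/CVE-2022-30525. Disclaimer: This tool is intended only for network security attack-and-defense research and exchange; users should use it reasonably and in accordance with the Cybersecurity Law! If a user employs this tool for illegal attacks or other unlawful acts, the author bears no responsibility!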

CVE-2022-30525

CVE-2022-30525 CVE-2022-30525 POC exploit

CVE-2022-30525 CVE-2022-30525 Zyxel firewall command injection vulnerability POC & EXP

CVE-2022-30525-mass zyxel firewall unauthenticated rce mass multi threaded exploit with capability of huge list script details: written in python with multi threading you can adjust the thread count fair and low price not for free: satoshidiskcom/pay/CFSVUG

CVE-2022-30525 Batch detection script for the Zyxel firewall remote command injection vulnerability (CVE-2022-30525)

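F5-BIG-IP POC A collection of POCs for CVE-2020-5902, CVE-2021-22986 and CVE-2022-1388 written in Go. POCs for other F5 issues will be added later. author:160teamwest9B For use only by security researchers with authorization; comply with the Cybersecurity Law; any resulting problems are at your own risk and are not the author's responsibility. 01 - Basic introduction. F5 POC collection: CVE-2020-5902: F5 BIG-IP remote code execution vulnerability CVE-2021-22986: F5 BIG-IP iC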

POC exploit index Collections of POC exploit for CVEs 2020 Name/CVE Username Reference CVE-2020-5902 superzerosec cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902 CVE-2020-7247 superzerosec cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7247 2021 Name/CVE Username Reference ProxyShell superzerosec www.tenable.com/blog/proxyshell-at

Recent Articles

CISA warns admins to patch actively exploited VMware, Zyxel bugs
BleepingComputer • Sergiu Gatlan • 17 May 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices.
The Spring Framework vulnerability (CVE-2022-22947) is a maximum severity weakness that attackers can abuse to gain remote code execution on unpatched hosts.
This critical bug is currently being ...

CISA warns admins to patch actively exploited Spring, Zyxel bugs
BleepingComputer • Sergiu Gatlan • 17 May 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices.
The Spring Framework vulnerability (CVE-2022-22947) is a maximum severity weakness that attackers can abuse to gain remote code execution on unpatched hosts.
This critical bug is currently being ...

Hackers are exploiting critical bug in Zyxel firewalls and VPNs
BleepingComputer • Ionut Ilascu • 15 May 2022

Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses.
Successful exploitation allows a remote attacker to inject arbitrary commands remotely without authentication, which can enable setting up a reverse shell.
The vulnerability was discovered by 
, lead security researcher at Rapid7, who explains in a brief technical report how the flaw can be leveraged in attacks. A...

Zyxel fixes firewall flaws that could lead to hacked networks
BleepingComputer • Bill Toulas • 01 Jan 1970

Zyxel has fixed critical firewall vulnerabilities that could have allowed threat actors to gain full access to devices and the internal corporate networks they are designed to protect.
The company pushed out the security updates in a silent update two weeks ago but more details emerged recently.
Security researchers at Rapid7 found the flaw, which is now tracked as
(CVSS v3 score: 9.8 – critical), and disclosed it to Zyxel on April 13, 2022.
The flaw is an unauthen...

Zyxel silently fixes critical RCE vulnerability in firewall products
BleepingComputer • Bill Toulas • 01 Jan 1970

Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago.
More specifically, security researchers at Rapid7 found the flaw, which is now tracked as
(CVSS v3 score: 9.8 – critical), and disclosed it to Zyxel on April 13, 2022.
The flaw is an unauthenticated remote command injection via the HTTP interface, affecting Zyxel firewalls supporting Zero Touch Prov...