ID

VAR-202203-1898


CVE

CVE-2022-0342


TITLE

plural  ZyXEL  Product certification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-007481

DESCRIPTION

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. USG40 firmware, USG40W firmware, USG60 firmware etc. ZyXEL The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-0342 // JVNDB: JVNDB-2022-007481 // VULMON: CVE-2022-0342

AFFECTED PRODUCTS

vendor:zyxelmodel:atp100wscope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:zywall 110scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:atp800scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:zywall 1100scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:usg60scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:vpn300scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:atp200scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:zywall 310scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:atp700scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg60wscope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:vpn100scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:zywall 1100scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:usg60scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:atp500scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:vpn50scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:usg40scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:vpn300scope:ltversion:5.21

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:nsg300scope:ltversion:1.33

Trust: 1.0

vendor:zyxelmodel:nsg300scope:gteversion:1.20

Trust: 1.0

vendor:zyxelmodel:zywall 310scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:usg40wscope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:atp100scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:atp800scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:atp100wscope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:vpn100scope:ltversion:5.21

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg60wscope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:nsg300scope:eqversion:1.33

Trust: 1.0

vendor:zyxelmodel:atp700scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:zywall 110scope:ltversion:4.71

Trust: 1.0

vendor:zyxelmodel:atp200scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:atp100scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:usg40scope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:atp500scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:ltversion:5.21

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg40wscope:gteversion:4.20

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:lteversion:5.20

Trust: 1.0

vendor:zyxelmodel:vpn50scope:ltversion:5.21

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg40scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg 310scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg60wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:zywall 110scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg40wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg60scope: - version: -

Trust: 0.8

vendor:zyxelmodel:zywall 1100scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-007481 // NVD: CVE-2022-0342

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-0342
value: CRITICAL

Trust: 1.8

security@zyxel.com.tw: CVE-2022-0342
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202203-2311
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-0342
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-0342
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-0342
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-0342 // JVNDB: JVNDB-2022-007481 // NVD: CVE-2022-0342 // NVD: CVE-2022-0342 // CNNVD: CNNVD-202203-2311

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-007481 // NVD: CVE-2022-0342

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-2311

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202203-2311

CONFIGURATIONS

sources: NVD: CVE-2022-0342

PATCH

title:Zyxel USG/ZyWALL Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=187770

Trust: 0.6

title: - url:https://github.com/f1tao/awesome-iot-security-resource

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/zyxel-patches-critical-bug-affecting-firewall-and-vpn-devices/

Trust: 0.1

sources: VULMON: CVE-2022-0342 // CNNVD: CNNVD-202203-2311

EXTERNAL IDS

db:NVDid:CVE-2022-0342

Trust: 3.3

db:JVNDBid:JVNDB-2022-007481

Trust: 0.8

db:CS-HELPid:SB2022033003

Trust: 0.6

db:CNNVDid:CNNVD-202203-2311

Trust: 0.6

db:VULMONid:CVE-2022-0342

Trust: 0.1

sources: VULMON: CVE-2022-0342 // JVNDB: JVNDB-2022-007481 // NVD: CVE-2022-0342 // CNNVD: CNNVD-202203-2311

REFERENCES

url:https://www.zyxel.com/support/zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-0342

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022033003

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-0342/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.bleepingcomputer.com/news/security/zyxel-patches-critical-bug-affecting-firewall-and-vpn-devices/

Trust: 0.1

sources: VULMON: CVE-2022-0342 // JVNDB: JVNDB-2022-007481 // NVD: CVE-2022-0342 // CNNVD: CNNVD-202203-2311

SOURCES

db:VULMONid:CVE-2022-0342
db:JVNDBid:JVNDB-2022-007481
db:NVDid:CVE-2022-0342
db:CNNVDid:CNNVD-202203-2311

LAST UPDATE DATE

2023-12-18T14:04:01.403000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-0342date:2022-04-04T00:00:00
db:JVNDBid:JVNDB-2022-007481date:2023-07-14T08:38:00
db:NVDid:CVE-2022-0342date:2022-04-04T17:27:58.343
db:CNNVDid:CNNVD-202203-2311date:2022-04-06T00:00:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-0342date:2022-03-28T00:00:00
db:JVNDBid:JVNDB-2022-007481date:2023-07-14T00:00:00
db:NVDid:CVE-2022-0342date:2022-03-28T13:15:07.747
db:CNNVDid:CNNVD-202203-2311date:2022-03-28T00:00:00