ID

VAR-202205-0957


CVE

CVE-2022-30525


TITLE

USG FLEX Operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3104

DESCRIPTION

An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Trust: 0.99

sources: NVD: CVE-2022-30525 // VULMON: CVE-2022-30525

AFFECTED PRODUCTS

vendor: zyxel | model: vpn300 | scope: gte | version: 4.60

Trust: 1.0

vendor: zyxel | model: atp100w | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: usg flex 50w | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: usg flex 200 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: vpn100 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: atp500 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: atp700 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: usg20w-vpn | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: atp500 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: atp100 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: usg flex 100w | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: atp200 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: atp800 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: vpn100 | scope: gte | version: 4.60

Trust: 1.0

vendor: zyxel | model: atp700 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: vpn1000 | scope: gte | version: 4.60

Trust: 1.0

vendor: zyxel | model: usg flex 500 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: atp100w | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: vpn1000 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: atp100 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: usg flex 500 | scope: lte | version: 5.30

Trust: 1.0

vendor: zyxel | model: vpn50 | scope: gte | version: 4.60

Trust: 1.0

vendor: zyxel | model: usg flex 700 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: usg flex 700 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: usg flex 200 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: vpn50 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: usg flex 50w | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: usg20w-vpn | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: atp800 | scope: lt | version: 5.30

Trust: 1.0

vendor: zyxel | model: atp200 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: usg flex 100w | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: vpn300 | scope: lt | version: 5.30

Trust: 1.0

sources: NVD: CVE-2022-30525

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-30525
value: CRITICAL

Trust: 1.0

security@zyxel.com.tw: CVE-2022-30525
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202205-3104
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-30525
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

VULMON: CVE-2022-30525
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: VULMON: CVE-2022-30525 // NVD: CVE-2022-30525 // NVD: CVE-2022-30525 // CNNVD: CNNVD-202205-3104

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2022-30525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3104

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202205-3104

CONFIGURATIONS

sources: NVD: CVE-2022-30525

PATCH

title: Zyxel Technology USG FLEX Fixes for operating system command injection vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192898

Trust: 0.6

title: - | url: https://github.com/iveresk/cve-2022-30525

Trust: 0.1

title: - | url: https://github.com/pytersmithdarkghost/exploitcve202230525

Trust: 0.1

title: - | url: https://github.com/jbaines-r7/victorian_machinery

Trust: 0.1

title: - | url: https://github.com/ygoldking/cve-2022-30525

Trust: 0.1

sources: VULMON: CVE-2022-30525 // CNNVD: CNNVD-202205-3104

EXTERNAL IDS

db: NVD | id: CVE-2022-30525

Trust: 1.7

db: PACKETSTORM | id: 167182

Trust: 1.6

db: PACKETSTORM | id: 167372

Trust: 1.6

db: PACKETSTORM | id: 168202

Trust: 1.6

db: PACKETSTORM | id: 167176

Trust: 1.6

db: CXSECURITY | id: WLB-2022060004

Trust: 0.6

db: CXSECURITY | id: WLB-2022080075

Trust: 0.6

db: CS-HELP | id: SB2022051308

Trust: 0.6

db: EXPLOIT-DB | id: 50946

Trust: 0.6

db: CNNVD | id: CNNVD-202205-3104

Trust: 0.6

db: VULMON | id: CVE-2022-30525

Trust: 0.1

sources: VULMON: CVE-2022-30525 // NVD: CVE-2022-30525 // CNNVD: CNNVD-202205-3104

REFERENCES

url:http://packetstormsecurity.com/files/167182/zyxel-firewall-ztp-unauthenticated-command-injection.html

Trust: 2.2

url:http://packetstormsecurity.com/files/167372/zyxel-usg-flex-5.21-command-injection.html

Trust: 2.2

url:http://packetstormsecurity.com/files/167176/zyxel-remote-command-execution.html

Trust: 1.6

url:http://packetstormsecurity.com/files/168202/zyxel-firewall-suid-binary-privilege-escalation.html

Trust: 1.6

url:https://www.zyxel.com/support/zyxel-security-advisory-for-os-command-injection-vulnerability-of-firewalls.shtml

Trust: 1.6

url:https://cxsecurity.com/issue/wlb-2022080075

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051308

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022060004

Trust: 0.6

url:https://www.exploit-db.com/exploits/50946

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-30525/

Trust: 0.6

sources: NVD: CVE-2022-30525 // CNNVD: CNNVD-202205-3104

CREDITS

jbaines-r7

Trust: 0.6

sources: CNNVD: CNNVD-202205-3104

SOURCES

db: VULMON | id: CVE-2022-30525
db: NVD | id: CVE-2022-30525
db: CNNVD | id: CNNVD-202205-3104

LAST UPDATE DATE

2023-12-18T13:59:38.680000+00:00


SOURCES UPDATE DATE

db: VULMON | id: CVE-2022-30525 | date: 2022-10-19T00:00:00
db: NVD | id: CVE-2022-30525 | date: 2022-10-19T18:32:19.340
db: CNNVD | id: CNNVD-202205-3104 | date: 2022-09-01T00:00:00

SOURCES RELEASE DATE

db: VULMON | id: CVE-2022-30525 | date: 2022-05-12T00:00:00
db: NVD | id: CVE-2022-30525 | date: 2022-05-12T14:15:07.053
db: CNNVD | id: CNNVD-202205-3104 | date: 2022-05-12T00:00:00