Details of VAR-202205-1787

ID

VAR-202205-1787

CVE

CVE-2022-0910

TITLE

Zyxel USG/ZyWALL Authorization problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3996

DESCRIPTION

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.

Trust: 1.0

sources: NVD: CVE-2022-0910

AFFECTED PRODUCTS

vendor:	zyxel	model:	usg flex 200	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg200	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	vpn1000	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg flex 100w	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	usg2200	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	atp800	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	atp800	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg 20w	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg310	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg 20w-vpn	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	atp700	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	usg20	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg300	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	atp100	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	usg 2200-vpn	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	usg 60	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg flex 500	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	usg flex 500	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	usg 40	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg 60w	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg 110	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	atp700	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg 1900	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg 40w	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	atp100w	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg 20w	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg20	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg 1100	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg210	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg 1900	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg 310	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	atp100	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	atp100w	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	usg 20w-vpn	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg200	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg310	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg 2200-vpn	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg flex 100	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	usg 40w	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	vpn1000	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	usg 40	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg 60w	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg2200	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg 1100	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg300	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg flex 100	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg flex 700	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	lte	version:	5.21	Trust: 1.0
vendor:	zyxel	model:	usg 110	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg flex 700	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	usg210	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg flex 200	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	usg 60	scope:	lte	version:	4.71	Trust: 1.0
vendor:	zyxel	model:	usg 310	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg flex 100w	scope:	gte	version:	4.50	Trust: 1.0

sources: NVD: CVE-2022-0910

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-0910
value:	MEDIUM
Trust: 1.0
security@zyxel.com.tw:	CVE-2022-0910
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202205-3996
value:	MEDIUM
Trust: 0.6

NVD:
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0

NVD:
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: NVD: CVE-2022-0910 // NVD: CVE-2022-0910 // CNNVD: CNNVD-202205-3996

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.0

sources: NVD: CVE-2022-0910

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3996

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202205-3996

CONFIGURATIONS

sources: NVD: CVE-2022-0910

PATCH

title:

Zyxel USG/ZyWALL Remediation measures for authorization problem vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195229

Trust: 0.6

sources: CNNVD: CNNVD-202205-3996

EXTERNAL IDS

db:	NVD	id:	CVE-2022-0910	Trust: 1.6
db:	CS-HELP	id:	SB2022052406	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3996	Trust: 0.6

sources: NVD: CVE-2022-0910 // CNNVD: CNNVD-202205-3996

REFERENCES

url:	https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-ap-controllers-and-aps.shtml	Trust: 1.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052406	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-0910/	Trust: 0.6

sources: NVD: CVE-2022-0910 // CNNVD: CNNVD-202205-3996

SOURCES

db:	NVD	id:	CVE-2022-0910
db:	CNNVD	id:	CNNVD-202205-3996

LAST UPDATE DATE

2023-12-18T13:22:23.047000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2022-0910	date:	2022-06-06T18:17:43.570
db:	CNNVD	id:	CNNVD-202205-3996	date:	2022-06-08T00:00:00

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2022-0910	date:	2022-05-24T03:15:09.150
db:	CNNVD	id:	CNNVD-202205-3996	date:	2022-05-24T00:00:00