ID

VAR-202205-1788


CVE

CVE-2022-0734


TITLE

Zyxel USG/ZyWALL Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3997

DESCRIPTION

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.

Trust: 0.99

sources: NVD: CVE-2022-0734 // VULMON: CVE-2022-0734

AFFECTED PRODUCTS

vendor: zyxel, model: atp200, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 60, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: vpn300, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: atp100w, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg210, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 310, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: vpn100, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg200, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: vpn1000, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: vpn50, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: atp800, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 20w, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: vpn100, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: atp200, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg20, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg 20w-vpn, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: vpn1000, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg2200, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 2200-vpn, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg310, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg flex 100, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg flex 500, scope: gte, version: 4.50

Trust: 1.0

vendor: zyxel, model: usg flex 700, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg300, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 40, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg 60, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 60w, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg 40w, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg 1900, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: vpn50, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg 110, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: atp700, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: atp500, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg flex 200, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg flex 100w, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: atp800, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg 1100, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg 20w, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 310, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg20, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg210, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg310, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg flex 100, scope: gte, version: 4.50

Trust: 1.0

vendor: zyxel, model: atp100, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 1900, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: atp700, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg200, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: atp100w, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg2200, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg300, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg 20w-vpn, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: atp100, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg 2200-vpn, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: atp500, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg 40, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 1100, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 40w, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg 60w, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg flex 700, scope: gte, version: 4.50

Trust: 1.0

vendor: zyxel, model: vpn300, scope: gte, version: 4.35

Trust: 1.0

vendor: zyxel, model: usg flex 200, scope: gte, version: 4.50

Trust: 1.0

vendor: zyxel, model: usg 110, scope: lte, version: 4.70

Trust: 1.0

vendor: zyxel, model: usg flex 500, scope: lte, version: 5.20

Trust: 1.0

vendor: zyxel, model: usg flex 100w, scope: gte, version: 4.50

Trust: 1.0

sources: NVD: CVE-2022-0734

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-0734
value: MEDIUM

Trust: 1.0

security@zyxel.com.tw: CVE-2022-0734
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202205-3997
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-0734
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

VULMON: CVE-2022-0734
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

security@zyxel.com.tw:
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2022-0734 // NVD: CVE-2022-0734 // NVD: CVE-2022-0734 // CNNVD: CNNVD-202205-3997

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2022-0734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3997

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202205-3997

CONFIGURATIONS

sources: NVD: CVE-2022-0734

PATCH

title: Zyxel USG/ZyWALL Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=193848

Trust: 0.6

sources: CNNVD: CNNVD-202205-3997

EXTERNAL IDS

db: NVD, id: CVE-2022-0734

Trust: 1.7

db: CS-HELP, id: SB2022052406

Trust: 0.6

db: CNNVD, id: CNNVD-202205-3997

Trust: 0.6

db: VULMON, id: CVE-2022-0734

Trust: 0.1

sources: VULMON: CVE-2022-0734 // NVD: CVE-2022-0734 // CNNVD: CNNVD-202205-3997

REFERENCES

url:https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-ap-controllers-and-aps.shtml

Trust: 1.7

url:https://www.cybersecurity-help.cz/vdb/sb2022052406

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-0734/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-0734 // NVD: CVE-2022-0734 // CNNVD: CNNVD-202205-3997

SOURCES

db: VULMON, id: CVE-2022-0734
db: NVD, id: CVE-2022-0734
db: CNNVD, id: CNNVD-202205-3997

LAST UPDATE DATE

2023-12-18T13:22:23.028000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-0734, date: 2022-06-06T00:00:00
db: NVD, id: CVE-2022-0734, date: 2022-06-06T18:16:13.957
db: CNNVD, id: CNNVD-202205-3997, date: 2022-06-08T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-0734, date: 2022-05-24T00:00:00
db: NVD, id: CVE-2022-0734, date: 2022-05-24T03:15:09.093
db: CNNVD, id: CNNVD-202205-3997, date: 2022-05-24T00:00:00