ID

VAR-202207-1385


CVE

CVE-2022-2030


TITLE

Path traversal vulnerabilities in multiple ZyXEL products

Trust: 0.8

sources: JVNDB: JVNDB-2022-013719

DESCRIPTION

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device. Multiple ZyXEL products, including USG FLEX 100W firmware, USG FLEX 200 firmware and USG FLEX 500 firmware, contain a path traversal vulnerability. Information may be obtained.

Trust: 1.71

sources: NVD: CVE-2022-2030 // JVNDB: JVNDB-2022-013719 // VULMON: CVE-2022-2030

AFFECTED PRODUCTS

vendor: zyxel, model: usg flex 100w, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: zywall 1100, scope: gte, version: 4.30

Trust: 1.0

vendor: zyxel, model: atp800, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg flex 50w, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: atp700, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg 2200-vpn, scope: gte, version: 4.30

Trust: 1.0

vendor: zyxel, model: zywall 310, scope: gte, version: 4.30

Trust: 1.0

vendor: zyxel, model: atp800, scope: gte, version: 4.32

Trust: 1.0

vendor: zyxel, model: zywall 1100, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg20-vpn, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: atp100, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg flex 50w, scope: gte, version: 4.20

Trust: 1.0

vendor: zyxel, model: vpn300, scope: gte, version: 4.30

Trust: 1.0

vendor: zyxel, model: usg40, scope: lte, version: 4.72

Trust: 1.0

vendor: zyxel, model: atp500, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg flex 500, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: zywall 310, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg 2200-vpn, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg flex 500, scope: gte, version: 4.50

Trust: 1.0

vendor: zyxel, model: usg40w, scope: lte, version: 4.72

Trust: 1.0

vendor: zyxel, model: vpn300, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: atp100w, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: atp700, scope: gte, version: 4.32

Trust: 1.0

vendor: zyxel, model: vpn100, scope: gte, version: 4.30

Trust: 1.0

vendor: zyxel, model: usg60, scope: gte, version: 4.20

Trust: 1.0

vendor: zyxel, model: atp500, scope: gte, version: 4.32

Trust: 1.0

vendor: zyxel, model: vpn1000, scope: gte, version: 4.30

Trust: 1.0

vendor: zyxel, model: vpn50, scope: gte, version: 4.30

Trust: 1.0

vendor: zyxel, model: atp200, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: vpn100, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: atp100, scope: gte, version: 4.32

Trust: 1.0

vendor: zyxel, model: atp100w, scope: gte, version: 4.32

Trust: 1.0

vendor: zyxel, model: vpn1000, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: zywall 110, scope: gte, version: 4.30

Trust: 1.0

vendor: zyxel, model: usg flex 700, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg60, scope: lte, version: 4.72

Trust: 1.0

vendor: zyxel, model: usg60w, scope: gte, version: 4.20

Trust: 1.0

vendor: zyxel, model: vpn50, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg20w-vpn, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: zywall 110, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: atp200, scope: gte, version: 4.32

Trust: 1.0

vendor: zyxel, model: usg40, scope: gte, version: 4.20

Trust: 1.0

vendor: zyxel, model: usg60w, scope: lte, version: 4.72

Trust: 1.0

vendor: zyxel, model: usg20-vpn, scope: gte, version: 4.30

Trust: 1.0

vendor: zyxel, model: usg flex 700, scope: gte, version: 4.50

Trust: 1.0

vendor: zyxel, model: usg flex 200, scope: gte, version: 4.50

Trust: 1.0

vendor: zyxel, model: usg40w, scope: gte, version: 4.20

Trust: 1.0

vendor: zyxel, model: usg flex 200, scope: lte, version: 5.30

Trust: 1.0

vendor: zyxel, model: usg20w-vpn, scope: gte, version: 4.20

Trust: 1.0

vendor: zyxel, model: usg flex 100w, scope: gte, version: 4.50

Trust: 1.0

vendor: zyxel, model: vpn100, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: vpn50, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg flex 50w, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: atp100, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: vpn300, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: atp500, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg 2200-vpn, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: zywall 110, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: atp800, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg flex 500, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg flex 100w, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg flex 200, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: atp100w, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg20-vpn, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg20w-vpn, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: atp700, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: vpn1000, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg 310, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: usg flex 700, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: atp200, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-013719 // NVD: CVE-2022-2030

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-2030
value: MEDIUM

Trust: 1.8

security@zyxel.com.tw: CVE-2022-2030
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202207-1613
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-2030
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-013719 // NVD: CVE-2022-2030 // NVD: CVE-2022-2030 // CNNVD: CNNVD-202207-1613

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-013719 // NVD: CVE-2022-2030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-1613

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202207-1613

CONFIGURATIONS

sources: NVD: CVE-2022-2030

PATCH

title: Zyxel USG FLEX Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201960

Trust: 0.6

sources: CNNVD: CNNVD-202207-1613

EXTERNAL IDS

db: NVD, id: CVE-2022-2030

Trust: 3.3

db: JVNDB, id: JVNDB-2022-013719

Trust: 0.8

db: CNNVD, id: CNNVD-202207-1613

Trust: 0.6

db: VULMON, id: CVE-2022-2030

Trust: 0.1

sources: VULMON: CVE-2022-2030 // JVNDB: JVNDB-2022-013719 // NVD: CVE-2022-2030 // CNNVD: CNNVD-202207-1613

REFERENCES

url:https://www.zyxel.com/support/zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-2030

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-2030/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-2030 // JVNDB: JVNDB-2022-013719 // NVD: CVE-2022-2030 // CNNVD: CNNVD-202207-1613

SOURCES

db: VULMON, id: CVE-2022-2030
db: JVNDB, id: JVNDB-2022-013719
db: NVD, id: CVE-2022-2030
db: CNNVD, id: CNNVD-202207-1613

LAST UPDATE DATE

2023-12-18T11:55:49.322000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-2030, date: 2022-07-19T00:00:00
db: JVNDB, id: JVNDB-2022-013719, date: 2023-09-11T08:18:00
db: NVD, id: CVE-2022-2030, date: 2022-07-29T22:00:11.850
db: CNNVD, id: CNNVD-202207-1613, date: 2022-08-01T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-2030, date: 2022-07-19T00:00:00
db: JVNDB, id: JVNDB-2022-013719, date: 2023-09-11T00:00:00
db: NVD, id: CVE-2022-2030, date: 2022-07-19T06:15:08.383
db: CNNVD, id: CNNVD-202207-1613, date: 2022-07-19T00:00:00