CVE-2022-26532
Published: May 24, 2022
Modified: Aug 3, 2024
CVSS v3.1
7.8
Description
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
| Vendor | Product | Versions |
|---|---|---|
Zyxel | USG/ZyWALL series firmware | affected 4.09 through 4.71 |
Zyxel | USG FLEX series firmware | affected 4.50 through 5.21 |
Zyxel | ATP series firmware | affected 4.32 through 5.21 |
Zyxel | VPN series firmware | affected 4.30 through 5.21 |
Zyxel | NSG series firmware | affected 1.00 through 1.33 Patch 4 |
Zyxel | NXC2500 firmware | affected <= 6.10(AAIG.3) |
Zyxel | NAP203 firmware | affected <= 6.25(ABFA.7) |
Zyxel | NWA50AX firmware | affected <= 6.25(ABYW.5) |
Zyxel | WAC500 firmware | affected <= 6.30(ABVS.2) |
Zyxel | WAX510D firmware | affected <= 6.30(ABTF.2) |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now