ID

VAR-202205-0957


CVE

CVE-2022-30525


TITLE

USG FLEX Operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3104

DESCRIPTION

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device

Trust: 0.99

sources: NVD: CVE-2022-30525 // VULMON: CVE-2022-30525

AFFECTED PRODUCTS

vendor:zyxelmodel:usg flex 200scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:vpn300scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:atp500scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:atp200scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:atp100scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:vpn50scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:lteversion:5.30

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp200scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:vpn100scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:atp700scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp100scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:atp100wscope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:gteversion:5.00

Trust: 1.0

vendor:zyxelmodel:atp800scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:vpn50scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:atp500scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:atp800scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:vpn300scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:vpn100scope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:atp700scope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:ltversion:5.30

Trust: 1.0

vendor:zyxelmodel:atp100wscope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg20w-vpnscope:gteversion:5.10

Trust: 1.0

vendor:zyxelmodel:usg20w-vpnscope:ltversion:5.30

Trust: 1.0

sources: NVD: CVE-2022-30525

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-30525
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202205-3104
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-30525
value: HIGH

Trust: 0.1

NVD: CVE-2022-30525
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.1

NVD: CVE-2022-30525
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2022-30525 // CNNVD: CNNVD-202205-3104 // NVD: CVE-2022-30525

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2022-30525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3104

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202205-3104

CONFIGURATIONS

sources: NVD: CVE-2022-30525

PATCH

title:Zyxel Technology USG FLEX Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=192898

Trust: 0.6

title: - url:https://github.com/iveresk/cve-2022-30525

Trust: 0.1

title: - url:https://github.com/pytersmithdarkghost/exploitcve202230525

Trust: 0.1

title: - url:https://github.com/jbaines-r7/victorian_machinery

Trust: 0.1

title: - url:https://github.com/prongedfork/cve-2022-30525

Trust: 0.1

title: - url:https://github.com/ygoldking/cve-2022-30525

Trust: 0.1

sources: VULMON: CVE-2022-30525 // CNNVD: CNNVD-202205-3104

EXTERNAL IDS

db:NVDid:CVE-2022-30525

Trust: 1.7

db:PACKETSTORMid:168202

Trust: 1.6

db:PACKETSTORMid:167176

Trust: 1.6

db:PACKETSTORMid:167372

Trust: 1.6

db:PACKETSTORMid:167182

Trust: 1.6

db:CXSECURITYid:WLB-2022060004

Trust: 0.6

db:CXSECURITYid:WLB-2022080075

Trust: 0.6

db:CS-HELPid:SB2022051308

Trust: 0.6

db:EXPLOIT-DBid:50946

Trust: 0.6

db:CNNVDid:CNNVD-202205-3104

Trust: 0.6

db:VULMONid:CVE-2022-30525

Trust: 0.1

sources: VULMON: CVE-2022-30525 // CNNVD: CNNVD-202205-3104 // NVD: CVE-2022-30525

REFERENCES

url:http://packetstormsecurity.com/files/167182/zyxel-firewall-ztp-unauthenticated-command-injection.html

Trust: 2.2

url:http://packetstormsecurity.com/files/167372/zyxel-usg-flex-5.21-command-injection.html

Trust: 2.2

url:https://www.zyxel.com/support/zyxel-security-advisory-for-os-command-injection-vulnerability-of-firewalls.shtml

Trust: 1.6

url:http://packetstormsecurity.com/files/168202/zyxel-firewall-suid-binary-privilege-escalation.html

Trust: 1.6

url:http://packetstormsecurity.com/files/167176/zyxel-remote-command-execution.html

Trust: 1.6

url:https://cxsecurity.com/issue/wlb-2022080075

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051308

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022060004

Trust: 0.6

url:https://www.exploit-db.com/exploits/50946

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-30525/

Trust: 0.6

sources: CNNVD: CNNVD-202205-3104 // NVD: CVE-2022-30525

CREDITS

jbaines-r7

Trust: 0.6

sources: CNNVD: CNNVD-202205-3104

SOURCES

db:VULMONid:CVE-2022-30525
db:CNNVDid:CNNVD-202205-3104
db:NVDid:CVE-2022-30525

LAST UPDATE DATE

2022-09-06T02:00:17.888000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-30525date:2022-08-31T00:00:00
db:CNNVDid:CNNVD-202205-3104date:2022-09-01T00:00:00
db:NVDid:CVE-2022-30525date:2022-08-31T19:15:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-30525date:2022-05-12T00:00:00
db:CNNVDid:CNNVD-202205-3104date:2022-05-12T00:00:00
db:NVDid:CVE-2022-30525date:2022-05-12T14:15:00