Vulnerability in Zyxel Atp Series Firmware
CVE-2022-26532
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN s…
EPSS: 0.012 (79.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Zyxel Atp Series Firmware — versions 4.32 through 5.21
- Zyxel Nap203 Firmware — versions <= 6.25(ABFA.7)
- Zyxel Nsg Series Firmware — versions 1.00 through 1.33 Patch 4
- Zyxel Nwa50ax Firmware — versions <= 6.25(ABYW.5)
- Zyxel Nxc2500 Firmware — versions <= 6.10(AAIG.3)
- Zyxel Usg Flex Series Firmware — versions 4.50 through 5.21
- Zyxel Usg/zywall Series Firmware — versions 4.09 through 4.71
- Zyxel Vpn Series Firmware — versions 4.30 through 5.21
- Zyxel Wac500 Firmware — versions <= 6.30(ABVS.2)
- Zyxel Wax510d Firmware — versions <= 6.30(ABTF.2)
Weakness classification (CWE)
Public proof-of-concept exploits
References
- www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-… (x_refsource_CONFIRM)
- 20220610 HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh (mailing-list, x_refsource_FULLDISC)
- packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Comman… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-26532?
- CVE-2022-26532 is a high-severity vulnerability in Zyxel Atp Series Firmware, classified under Argument Injection. CVSS score: 7.8/10. Published 2022-05-24.
- How severe is CVE-2022-26532?
- High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2022-26532 known to be exploited?
- 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.