CVE-2022-30526

Summary

CVE	CVE-2022-30526
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-19 06:15:00 UTC
Updated	2022-12-13 15:38:00 UTC
Description	A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.

Risk And Classification

Problem Types: CWE-269

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Zyxel	Atp100	-	All	All	All
Hardware	Zyxel	Atp100w	-	All	All	All
Operating System	Zyxel	Atp100w Firmware	All	All	All	All
Operating System	Zyxel	Atp100 Firmware	All	All	All	All
Hardware	Zyxel	Atp200	-	All	All	All
Operating System	Zyxel	Atp200 Firmware	All	All	All	All
Hardware	Zyxel	Atp500	-	All	All	All
Operating System	Zyxel	Atp500 Firmware	All	All	All	All
Hardware	Zyxel	Atp700	-	All	All	All
Operating System	Zyxel	Atp700 Firmware	All	All	All	All
Hardware	Zyxel	Atp800	-	All	All	All
Operating System	Zyxel	Atp800 Firmware	All	All	All	All
Hardware	Zyxel	Usg20-vpn	-	All	All	All
Operating System	Zyxel	Usg20-vpn Firmware	All	All	All	All
Hardware	Zyxel	Usg20w-vpn	-	All	All	All
Operating System	Zyxel	Usg20w-vpn Firmware	All	All	All	All
Hardware	Zyxel	Usg40	-	All	All	All
Hardware	Zyxel	Usg40w	-	All	All	All
Operating System	Zyxel	Usg40w Firmware	All	All	All	All
Operating System	Zyxel	Usg40 Firmware	All	All	All	All
Hardware	Zyxel	Usg60	-	All	All	All
Hardware	Zyxel	Usg60w	-	All	All	All
Operating System	Zyxel	Usg60w Firmware	All	All	All	All
Operating System	Zyxel	Usg60 Firmware	All	All	All	All
Hardware	Zyxel	Usg 2200-vpn	-	All	All	All
Operating System	Zyxel	Usg 2200-vpn Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 100w	-	All	All	All
Operating System	Zyxel	Usg Flex 100w Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 200	-	All	All	All
Operating System	Zyxel	Usg Flex 200 Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 500	-	All	All	All
Operating System	Zyxel	Usg Flex 500 Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 50w	-	All	All	All
Operating System	Zyxel	Usg Flex 50w Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 700	-	All	All	All
Operating System	Zyxel	Usg Flex 700 Firmware	All	All	All	All
Hardware	Zyxel	Vpn100	-	All	All	All
Hardware	Zyxel	Vpn1000	-	All	All	All
Operating System	Zyxel	Vpn1000 Firmware	All	All	All	All
Operating System	Zyxel	Vpn100 Firmware	All	All	All	All
Hardware	Zyxel	Vpn300	-	All	All	All
Operating System	Zyxel	Vpn300 Firmware	All	All	All	All
Hardware	Zyxel	Vpn50	-	All	All	All
Operating System	Zyxel	Vpn50 Firmware	All	All	All	All
Hardware	Zyxel	Zywall 110	-	All	All	All
Hardware	Zyxel	Zywall 1100	-	All	All	All
Operating System	Zyxel	Zywall 1100 Firmware	All	All	All	All
Operating System	Zyxel	Zywall 110 Firmware	All	All	All	All
Hardware	Zyxel	Zywall 310	-	All	All	All
Operating System	Zyxel	Zywall 310 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
Zyxel Firewall SUID Binary Privilege Escalation ≈ Packet Storm	MISC	packetstormsecurity.com
Zyxel security advisory for local privilege escalation and authenticated directory traversal vulnerabilities of firewalls \| Zyxel	CONFIRM	www.zyxel.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.