CVE-2022-40603
Summary
| CVE | CVE-2022-40603 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-06 02:15:00 UTC |
| Updated | 2022-12-08 16:41:00 UTC |
| Description | A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Zyxel | Atp100 | - | All | All | All |
| Hardware | Zyxel | Atp100w | - | All | All | All |
| Operating System | Zyxel | Atp100w Firmware | All | All | All | All |
| Operating System | Zyxel | Atp100 Firmware | All | All | All | All |
| Hardware | Zyxel | Atp200 | - | All | All | All |
| Operating System | Zyxel | Atp200 Firmware | All | All | All | All |
| Hardware | Zyxel | Atp500 | - | All | All | All |
| Operating System | Zyxel | Atp500 Firmware | All | All | All | All |
| Hardware | Zyxel | Atp700 | - | All | All | All |
| Operating System | Zyxel | Atp700 Firmware | All | All | All | All |
| Hardware | Zyxel | Atp800 | - | All | All | All |
| Operating System | Zyxel | Atp800 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg40 | - | All | All | All |
| Hardware | Zyxel | Usg40w | - | All | All | All |
| Operating System | Zyxel | Usg40w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg40 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg60 | - | All | All | All |
| Hardware | Zyxel | Usg60w | - | All | All | All |
| Operating System | Zyxel | Usg60w Firmware | All | All | All | All |
| Operating System | Zyxel | Usg60 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 100w | - | All | All | All |
| Operating System | Zyxel | Usg Flex 100w Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 200 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 200 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 500 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 500 Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 50w | - | All | All | All |
| Operating System | Zyxel | Usg Flex 50w Firmware | All | All | All | All |
| Hardware | Zyxel | Usg Flex 700 | - | All | All | All |
| Operating System | Zyxel | Usg Flex 700 Firmware | All | All | All | All |
| Hardware | Zyxel | Vpn100 | - | All | All | All |
| Hardware | Zyxel | Vpn1000 | - | All | All | All |
| Operating System | Zyxel | Vpn1000 Firmware | All | All | All | All |
| Operating System | Zyxel | Vpn100 Firmware | All | All | All | All |
| Hardware | Zyxel | Vpn300 | - | All | All | All |
| Operating System | Zyxel | Vpn300 Firmware | All | All | All | All |
| Hardware | Zyxel | Vpn50 | - | All | All | All |
| Operating System | Zyxel | Vpn50 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Zyxel security advisory for XSS vulnerability in firewalls | Zyxel Networks | CONFIRM | www.zyxel.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.