Jason
Zyxel security advisory for local privilege escalation vulnerability of AP Configurator
Options
Zyxel_Jason
Posts: 395 
Master Member
Master Member
CVE: CVE-2022-0556
Summary
Zyxel has released a patch addressing a local privilege escalation vulnerability in its AP Configurator. Users are advised to install it for optimal protection.
What is the vulnerability?
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) could allow an attacker to execute arbitrary code in a specific directory on the local system.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve confirmed that only ZAC is affected and released a patch to address the issue, as shown in the table below.
|
Affected model |
Patch availability |
|
ZAC |
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Acknowledgments
Thanks
to Trend Micro's Zero Day Initiative for
reporting the issue to us.
Revision history
2022-04-12: Initial release
0
Categories
- All Categories
- 383 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 76 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 894 Nebula FAQ
- 415 Security FAQ
- 233 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight