Zyxel security advisory for OS command injection vulnerability of firewalls
CVE: CVE-2022-30525
Summary
Zyxel has released patches for an OS command injection vulnerability found by Rapid7 and urges users to install them for optimal protection.
What is the vulnerability?
A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified the vulnerable products that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.
| Affected model | Affected firmware version | Patch availability |
| --- | --- | --- |
| USG FLEX 100(W), 200, 500, 700 | ZLD V5.00 through ZLD V5.21 Patch 1 | ZLD V5.30 |
| USG FLEX 50(W) / USG20(W)-VPN | ZLD V5.10 through ZLD V5.21 Patch 1 | ZLD V5.30 |
| ATP series | ZLD V5.10 through ZLD V5.21 Patch 1 | ZLD V5.30 |
| VPN series | ZLD V4.60 through ZLD V5.21 Patch 1 | ZLD V5.30 |
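A firmware inventory check against the table above, written for this advisory as an added example (it is not Zyxel's code): it parses ZLD version strings including the "Patch n" suffix, maps model names to the table rows, and reports devices whose version the table does not cover instead of treating them as safe. The row labels and the inventory entries are constructed sample data.

```python
import re
# Affected ranges from the advisory table as (major, minor, patch) tuples; the row labels are mine.
AFFECTED = {
    "USG FLEX 100(W)/200/500/700": ((5, 0, 0), (5, 21, 1)),
    "USG FLEX 50(W) / USG20(W)-VPN": ((5, 10, 0), (5, 21, 1)),
    "ATP series": ((5, 10, 0), (5, 21, 1)),
    "VPN series": ((4, 60, 0), (5, 21, 1)),
}
FIXED = (5, 30, 0)  # ZLD V5.30 carries the fix for every listed family
# Matches "ZLD V5.21 Patch 1", "V5.00" or "4.60"; the minor part is Zyxel's two-digit form.
VERSION_RE = re.compile(r"(?:ZLD\s*)?V?(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)

def parse_zld(version):
    m = VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised ZLD version: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)  # no "Patch n" suffix counts as patch 0

def model_family(model):
    # Map a model name to its table row; None means the advisory does not list it.
    name = model.upper()
    m = re.match(r"USG FLEX (\d+)", name)
    if m:  # "USG FLEX 500" must not fall into the 50(W) row
        small = m.group(1) == "50"
        return "USG FLEX 50(W) / USG20(W)-VPN" if small else "USG FLEX 100(W)/200/500/700"
    if name.startswith("USG20"):  # USG20-VPN, USG20W-VPN
        return "USG FLEX 50(W) / USG20(W)-VPN"
    for prefix, family in (("ATP", "ATP series"), ("VPN", "VPN series")):
        if name.startswith(prefix):
            return family
    return None

def assess(model, version):
    # A version the table does not cover is reported as such, never assumed safe.
    family = model_family(model)
    if family is None:
        return "not-listed"
    v = parse_zld(version)
    low, high = AFFECTED[family]
    if low <= v <= high:
        return "vulnerable"
    if v >= FIXED:
        return "patched"
    return "outside-table"  # below the listed start, or between V5.21 Patch 1 and V5.30
# Constructed sample inventory (model, firmware as the device reports it); not real devices.
INVENTORY = [("USG FLEX 200", "ZLD V5.21 Patch 1"), ("USG FLEX 50W", "ZLD V5.30"),
             ("ATP500", "V5.00"), ("VPN300", "ZLD V4.60"), ("NWA110AX", "V6.25")]
def triage(inventory=INVENTORY):
    return [(model, fw, assess(model, fw)) for model, fw in inventory]
```

Anything reported as "outside-table" or "not-listed" needs a manual check against the vendor's current guidance rather than being closed out.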
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Acknowledgments and commentary
Thanks to Rapid7 for reporting the CVE-2022-30525 issue to us. However, there was miscommunication during the disclosure coordination process with Rapid7. As a CNA, Zyxel always follows the principles of coordinated disclosure to arrange public disclosure with reporters.
Revision history
2022-05-12: Initial release