Zyxel security advisory for LPE and authenticated directory traversal vulnerabilities of firewalls
Zyxel Employee
CVE: CVE-2022-30526, CVE-2022-2030
Summary
Zyxel has released patches for products affected by local privilege escalation (LPE) and authenticated directory traversal vulnerabilities. Users are advised to install them for optimal protection.
What are the vulnerabilities?
A privilege escalation vulnerability was identified in the CLI command of some firewall versions that could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
An authenticated directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of some firewall versions.
What versions are vulnerable-and what should you do?
After a thorough investigation, we’ve identified the vulnerable products for CVE-2022-30526 and CVE-2022-2030 that are within their vulnerability support period, with their firmware patches shown in the table below.
|
Affected model |
Affected version |
Patch availability |
|
|
CVE-2022-30526 |
CVE-2022-2030 |
||
|
USG FLEX 100(W), 200, 500, 700 |
ZLD V4.50~V5.30 |
ZLD V4.50~V5.30 |
ZLD V5.31 |
|
USG FLEX 50(W) / USG20(W)-VPN |
ZLD V4.16~V5.30 |
ZLD V4.20~V5.30 |
ZLD V5.31 |
|
ATP series |
ZLD V4.32~V5.30 |
ZLD V4.32~V5.30 |
ZLD V5.31 |
|
VPN series |
ZLD V4.30~V5.30 |
ZLD V4.30~V5.30 |
ZLD V5.31 |
|
USG/ZyWALL |
ZLD V4.09~V4.72 |
ZLD V4.20~V4.72 |
|
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Acknowledgment
Thanks to the following security consultancies for reporting the issues to us:
- Rapid7 for CVE-2022-30526
- Maurizio Agazzini (HN Security) in collaboration with SSD Secure Disclosure for CVE-2022-2030
Revision history
2022-07-19: Initial release
2022-07-28: Updated the affected version of USG FLEX 50(W) / USG20(W)-VPN and USG/ZyWALL and added the patch download link for USG/ZyWALL
Comments
-
Hi,how would one go about getting a patch for a USG40 running 4.72(AALA.0)? How do I "reach out to my local Zyxel support team" fot the file?I am in located in Europe/Austria.or will a regular Firmware update be available shortly?thank you0
-
This gets extremely tiring. While I am glad these exploits are being discovered and patched, I would rather have then uncovered before general release.
0 -
No link for 4.x devices.No official firmwares available for 4.x devices.Disappointing.0
Freshman Member
Ally Member
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 383 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight