← Back

CVE-2022-26413

nvd nist
Published: Apr 11, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD

Description

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

Affected (34)

Zyxel
32 products
Vmg3312 T20a Firmware
Emg3525 T50b Firmware
Emg5523 T50b Firmware
Emg5723 T50k Firmware
Emg6726 B10a Firmware
Vmg1312 T20b Firmware
Vmg3625 T50b Firmware
Vmg3927 B50a Firmware
Vmg3927 B50b Firmware
Vmg3927 B60a Firmware
Vmg3927 T50k Firmware
Vmg4927 B50a Firmware
Vmg8623 T50b Firmware
Vmg8825 B50a Firmware
Vmg8825 B50b Firmware
Vmg8825 T50k Firmware
Vmg8825 B60a Firmware
Vmg8825 B60b Firmware
Xmg3927 B50a Firmware
Xmg8825 B50a Firmware
Dx5401 B0 Firmware
Ex3510 B0 Firmware
Ex5401 B0 Firmware
Ex5501 B0 Firmware
Ax7501 B0 Firmware
Ep240p Firmware
Pm7300 T0 Firmware
Pmg5317 T20b Firmware
Pmg5617ga Firmware
Pmg5617 T20b2 Firmware
Pmg5622ga Firmware
Px7501 B0 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg3312 T20a Firmware
Version 5.30(abfx.5)c0
Running on/withPlatform Versions
Zyxel
Vmg3312 T20a
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zyxel
Emg3525 T50b Firmware
Before 5.50\(abpm.6\)c0
Emg3525 T50b Firmware
Before 5.50\(abpm.6\)c0
Running on/withPlatform Versions
Zyxel
Emg3525 T50b
All versions
Configuration C
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zyxel
Emg5523 T50b Firmware
Before 5.50\(abpm.6\)c0
Emg5523 T50b Firmware
Before 5.50\(abpm.6\)c0
Running on/withPlatform Versions
Zyxel
Emg5523 T50b
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emg5723 T50k Firmware
Before 5.50\(abom.7\)c0
Running on/withPlatform Versions
Zyxel
Emg5723 T50k
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emg6726 B10a Firmware
Before 5.13\(abnp.7\)c0
Running on/withPlatform Versions
Zyxel
Emg6726 B10a
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg1312 T20b Firmware
Before 5.50\(absb.5\)c0
Running on/withPlatform Versions
Zyxel
Vmg1312 T20b
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg3625 T50b Firmware
Before 5.50\(abpm.6\)c0
Running on/withPlatform Versions
Zyxel
Vmg3625 T50b
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg3927 B50a Firmware
Before 5.17\(abmt.6\)c0
Running on/withPlatform Versions
Zyxel
Vmg3927 B50a
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg3927 B50b Firmware
Before 5.13\(ably.7\)c0
Running on/withPlatform Versions
Zyxel
Vmg3927 B50b
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg3927 B60a Firmware
Before 5.17\(abmt.6\)c0
Running on/withPlatform Versions
Zyxel
Vmg3927 B60a
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg3927 T50k Firmware
Before 5.50\(abom.7\)c0
Running on/withPlatform Versions
Zyxel
Vmg3927 T50k
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg4927 B50a Firmware
Before 5.13\(ably.7\)c0
Running on/withPlatform Versions
Zyxel
Vmg4927 B50a
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg8623 T50b Firmware
Before 5.50\(abpm.6\)c0
Running on/withPlatform Versions
Zyxel
Vmg8623 T50b
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg8825 B50a Firmware
Before 5.17\(abmt.6\)c0
Running on/withPlatform Versions
Zyxel
Vmg8825 B50a
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg8825 B50b Firmware
Before 5.17\(abny.7\)c0
Running on/withPlatform Versions
Zyxel
Vmg8825 B50b
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg8825 T50k Firmware
Before 5.50\(abom.7\)c0
Running on/withPlatform Versions
Zyxel
Vmg8825 T50k
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg8825 B60a Firmware
Before 5.17\(abmt.6\)c0
Running on/withPlatform Versions
Zyxel
Vmg8825 B60a
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg8825 B60b Firmware
Before 5.17\(abny.7\)c0
Running on/withPlatform Versions
Zyxel
Vmg8825 B60b
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xmg3927 B50a Firmware
Before 5.17\(abmt.6\)c0
Running on/withPlatform Versions
Zyxel
Xmg3927 B50a
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xmg8825 B50a Firmware
Before 5.17\(abmt.6\)c0
Running on/withPlatform Versions
Zyxel
Xmg8825 B50a
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dx5401 B0 Firmware
Before 5.17\(abyo.1\)c0
Running on/withPlatform Versions
Zyxel
Dx5401 B0
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ex3510 B0 Firmware
Before 5.17\(abup.4\)c1
Running on/withPlatform Versions
Zyxel
Ex3510 B0
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ex5401 B0 Firmware
Before 5.17\(abyo.1\)c0
Running on/withPlatform Versions
Zyxel
Ex5401 B0
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ex5501 B0 Firmware
Before 5.17\(abry.2\)c0
Running on/withPlatform Versions
Zyxel
Ex5501 B0
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ax7501 B0 Firmware
Before 5.17\(abpc.1\)c0
Running on/withPlatform Versions
Zyxel
Ax7501 B0
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ep240p Firmware
Before 5.40\(abh.0\)c0
Running on/withPlatform Versions
Zyxel
Ep240p
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pm7300 T0 Firmware
Before 5.42\(acbc.1\)c0
Running on/withPlatform Versions
Zyxel
Pm7300 T0
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pmg5317 T20b Firmware
Before 5.40\(abki.4\)c0
Running on/withPlatform Versions
Zyxel
Pmg5317 T20b
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pmg5617ga Firmware
Before 5.40\(abna.2\)c0
Running on/withPlatform Versions
Zyxel
Pmg5617ga
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pmg5617 T20b2 Firmware
Before 5.41\(acbb.1\)c0
Running on/withPlatform Versions
Zyxel
Pmg5617 T20b2
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pmg5622ga Firmware
Before 5.40\(abnb.2\)c0
Running on/withPlatform Versions
Zyxel
Pmg5622ga
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Px7501 B0 Firmware
Before 5.17\(abpc.1\)c0
Running on/withPlatform Versions
Zyxel
Px7501 B0
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: security@zyxel.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.