← Back

CVE-2022-38547

nvd nist
Published: Feb 7, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.

Affected (25)

Zyxel
25 products
Atp100 Firmware
Atp200 Firmware
Atp700 Firmware
Atp500 Firmware
Atp100w Firmware
Atp800 Firmware
Usg Flex 50 Firmware
Usg Flex 200 Firmware
Usg Flex 500 Firmware
Usg Flex 700 Firmware
Usg Flex 100w Firmware
Usg Flex 100 Firmware
Vpn1000 Firmware
Usg20w Vpn Firmware
Usg20 Vpn Firmware
Vpn50 Firmware
Vpn300 Firmware
Vpn100 Firmware
Usg40 Firmware
Usg40w Firmware
Usg60 Firmware
Usg60w Firmware
Zywall 110 Firmware
Zywall 1100 Firmware
Zywall 310 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp100 Firmware
From 4.32 to 5.32
Running on/withPlatform Versions
Zyxel
Atp100
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp200 Firmware
From 4.32 to 5.32
Running on/withPlatform Versions
Zyxel
Atp200
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp700 Firmware
From 4.32 to 5.32
Running on/withPlatform Versions
Zyxel
Atp700
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp500 Firmware
From 4.32 to 5.32
Running on/withPlatform Versions
Zyxel
Atp500
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp100w Firmware
From 4.32 to 5.32
Running on/withPlatform Versions
Zyxel
Atp100w
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp800 Firmware
From 4.32 to 5.32
Running on/withPlatform Versions
Zyxel
Atp800
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 50 Firmware
From 4.50 to 5.32
Running on/withPlatform Versions
Zyxel
Usg Flex 50
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 200 Firmware
From 4.50 to 5.32
Running on/withPlatform Versions
Zyxel
Usg Flex 200
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 500 Firmware
From 4.50 to 5.32
Running on/withPlatform Versions
Zyxel
Usg Flex 500
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 700 Firmware
From 4.50 to 5.32
Running on/withPlatform Versions
Zyxel
Usg Flex 700
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 100w Firmware
From 4.50 to 5.32
Running on/withPlatform Versions
Zyxel
Usg Flex 100w
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 100 Firmware
From 4.50 to 5.32
Running on/withPlatform Versions
Zyxel
Usg Flex 100
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vpn1000 Firmware
From 4.30 to 5.32
Running on/withPlatform Versions
Zyxel
Vpn1000
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg20w Vpn Firmware
From 4.30 to 5.32
Running on/withPlatform Versions
Zyxel
Usg20w Vpn
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg20 Vpn Firmware
From 4.30 to 5.32
Running on/withPlatform Versions
Zyxel
Usg20 Vpn
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vpn50 Firmware
From 4.30 to 5.32
Running on/withPlatform Versions
Zyxel
Vpn50
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vpn300 Firmware
From 4.30 to 5.32
Running on/withPlatform Versions
Zyxel
Vpn300
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vpn100 Firmware
From 4.30 to 5.32
Running on/withPlatform Versions
Zyxel
Vpn100
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg40 Firmware
From 4.20 to 4.72
Running on/withPlatform Versions
Zyxel
Usg40
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg40w Firmware
From 4.20 to 4.72
Running on/withPlatform Versions
Zyxel
Usg40w
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg60 Firmware
From 4.20 to 4.72
Running on/withPlatform Versions
Zyxel
Usg60
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg60w Firmware
From 4.20 to 4.72
Running on/withPlatform Versions
Zyxel
Usg60w
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall 110 Firmware
From 4.20 to 4.72
Running on/withPlatform Versions
Zyxel
Zywall 110
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall 1100 Firmware
From 4.20 to 4.72
Running on/withPlatform Versions
Zyxel
Zywall 1100
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall 310 Firmware
From 4.20 to 4.72
Running on/withPlatform Versions
Zyxel
Zywall 310
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: security@zyxel.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.