CVE-2022-0342
Published Mar 28, 2022
Last updated 3 years ago
Overview
- Description
- An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.
- Source
- security@zyxel.com.tw
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "446021BD-AEA3-47E8-BF5D-6C649012E84D", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B57804DF-D913-4300-8744-81DB99621240", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9ED6C58-3BF5-424F-AFB1-F6955F3488BB", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB78B59-C4C7-4595-9221-DDC0DCE09BB0", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77FEF751-62FE-4F1B-A84C-30967A605EF5", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E46647BB-F930-4648-A25D-C18D71D7A434", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2755DDA-287F-4C79-B663-C5DA9DBC5052", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "293C6F8B-51F7-44A5-ACAD-10586C9EB610", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4F8A08F-8531-444E-BE70-6C0096BE8CAC", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8553EF99-5F25-4F96-840C-1D5146C9CAF9", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05959C9F-4209-4B0B-81DD-6C98BFC43F7B", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C2F72A1-7D2D-4BC3-8440-937435507F5C", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "724173AB-0DA0-4EFE-A011-FAEF14A95D2A", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A589B630-B42D-4BD5-BBBD-E71C8B5456B8", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14B0DB32-9453-47D8-8024-E6C8505DB617", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5E79634-60EC-4548-B8BC-61E5560CBE75", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BACE4393-DE77-4CE1-A453-B155A3CF9A7C", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D3DC512-0DE4-42DB-AD0C-240AB1B901B1", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62B6CADB-1FB0-4442-A116-055636AB6ECA", "versionEndExcluding": "5.21", "versionStartIncluding": "4.30" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1265B3B-7C70-46C0-8E0C-1C05C7EF99EE", "versionEndExcluding": "5.21", "versionStartIncluding": "4.30" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B770A62D-3B2C-4B91-BB8E-4F36D3F20C9C", "versionEndExcluding": "5.21", "versionStartIncluding": "4.30" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C509426-81BE-46AB-B083-DEA0DC762C85", "versionEndExcluding": "5.21", "versionStartIncluding": "4.30" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:nsg300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58B0886D-9AF4-453F-96DB-7ABAA5EE3B78" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:nsg300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40E88F87-44B1-4104-A8EB-3BC4A0BA3A45", "versionEndExcluding": "1.33", "versionStartIncluding": "1.20" }, { "criteria": "cpe:2.3:o:zyxel:nsg300_firmware:1.33:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D43F6C03-E7EE-43B9-81B7-2B298134A591" }, { "criteria": "cpe:2.3:o:zyxel:nsg300_firmware:1.33:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97697676-94E6-4A6A-B9FB-07D8DD48BA06" } ], "operator": "OR" } ], "operator": "AND" } ]