CVE-2022-30526

Published Jul 19, 2022
Last updated 2 years ago
CVSS high 7.8
Overview

Description: A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
Source: security@zyxel.com.tw
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
Weaknesses

nvd@nist.gov: CWE-269
security@zyxel.com.tw: CWE-269
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "168114AC-C949-4CA5-B4B4-BF9FB5890DA2",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.50"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EFADF80-716E-4000-93D4-0CB3B277BA25",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.50"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FABAFF3-61E8-4C97-BEFE-1D68788167FB",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.50"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21C293BE-791E-4D1C-8E72-9E0464444274",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.50"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5094FAF7-6D9A-44EF-B779-86468D82B03C",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EF21C51-050F-4B01-9618-60919AEFEC6A",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.16"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50A72101-97B4-4770-A6F7-D25B3A0AE45E",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "650D7D9B-65A7-4949-9F6C-9A3B7BDD17F5",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C376DD7-8378-42BE-92F1-872500E882D4",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9DC83BF-6F99-4345-BE51-4FB93F38FD21",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E464C22-5D8C-4D85-9F65-8485972C3524",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5A44B6A-B1BC-481F-9D08-61E50F58EB1A",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBBB154D-46EB-4D97-B5F4-01ADA359C5AC",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D0BC145-7EF2-4B13-BE26-A567EEF06613",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75627990-29D4-40F3-8E66-975F1898B6D5",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F357DD8-0C9E-418E-98B4-0F1292AA7176",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "352F3388-9107-4B41-AAD8-D11965D78240",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC1F7BCE-342F-4847-BB89-2B47384A54C9",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "32F7F370-C585-45FE-A7F7-40BFF13928CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6FBACC4-A37C-4023-A656-F3428A74D542",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1C3F76A-6963-4B2F-AAF4-9E3BBB0627D6",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61ED5800-D09B-4953-AB0F-65AE3EF33C57",
            "versionEndIncluding": "5.30",
            "versionStartIncluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20E65AC2-F493-4E10-924B-3F5D5FE2B6FF",
            "versionEndIncluding": "4.72",
            "versionStartIncluding": "4.09"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "611A3CB1-D0ED-4B4E-A28E-D69ED31035DF",
            "versionEndIncluding": "4.72",
            "versionStartIncluding": "4.09"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D546A4A3-130F-439C-9C28-8D18870F0A58",
            "versionEndIncluding": "4.72",
            "versionStartIncluding": "4.09"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CED1826F-286E-4795-87C4-6FFD997BDB46",
            "versionEndIncluding": "4.72",
            "versionStartIncluding": "4.09"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
