CVE-2020-29299

CWE-77 — Command Injection3 documents3 sources

Severity

7.2HIGH

EPSS

3.6%

top 12.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel NSG Firmware Zyxel VPN Orchestrator Zyxel ZLD

Timeline

PublishedDec 27

Latest updateMay 24

Description

Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶NVDzyxel/vpn_orchestrator< 10.03

▶NVDzyxel/zld< 4.39+1

▶NVDzyxel/nsg_firmware< 1.33+1

🔴Vulnerability Details

GHSA

GHSA-g8hw-8grv-27jh: Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action↗2022-05-24

▶

CVEList

CVE-2020-29299: Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action↗2020-12-27

▶