Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-0342

CWE-287Improper Authentication6 documents6 sources
Severity
9.8CRITICAL
EPSS
92.4%
top 0.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
28
Zyxel Nsg300 FirmwareZyxel Usg40 FirmwareZyxel Usg40w Firmware+25 more
Timeline
PublishedMar 28
Latest updateOct 22

Description

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages28 packages

CVEListV5zyxel/usg_flex_series_firmware4.50 through 5.20
CVEListV5zyxel/usg/zywall_series_firmware4.20 through 4.70
CVEListV5zyxel/atp_series_firmware4.32 through 5.20
CVEListV5zyxel/nsg_series_firmware1.20 through 1.33 Patch 4
CVEListV5zyxel/vpn_series_firmware4.30 through 5.20

🔴Vulnerability Details

3
GHSA
GHSA-5g3j-g6gx-xfcg: An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 42022-03-29
CVEList
CVE-2022-0342: An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 42022-03-28
VulnCheck
Zyxel usg40_firmware Improper Authentication2022

💥Exploits & PoCs

1
Nuclei
Zyxel - Authentication Bypass

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Zyxel USG/Zywall Authentication Bypass Attempt (CVE-2022-0342)2024-10-22
CVE-2022-0342 (CRITICAL CVSS 9.8) | An authentication bypass vulnerabil | cvebase.io