Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-26531: Improper Input Validation in Zyxel Nsg100 Firmware

Severity
7.8 HIGH (NVD)
CNA: 6.1
EPSS
1.0%
top 23.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: May 24
Latest update: Feb 26

Description

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 75 packages

CVEListV5 | zyxel/usg_flex_series_firmware | 4.50 through 5.21
CVEListV5 | zyxel/usg_zywall_series_firmware | 4.09 through 4.71
CVEListV5 | zyxel/atp_series_firmware | 4.32 through 5.21
CVEListV5 | zyxel/nsg_series_firmware | 1.00 through 1.33 Patch 4
CVEListV5 | zyxel/vpn_series_firmware | 4.30 through 5.21

🔴 Vulnerability Details

2
GHSA
GHSA-rg7w-p5vw-jmcc: Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4 | 2022-05-25
CVEList
CVE-2022-26531: Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4 | 2022-05-24

📋 Vendor Advisories

1
Red Hat
kernel: powerpc/memhotplug: Add add_pages override for PPC | 2025-02-26