CVE-2022-26531: Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

EXPLOIT

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.

Affected

73 ranges· showing 25

Vendor	Product	Version range	Fixed in
zyxel	atp100_firmware	4.32 – 5.21	—
zyxel	atp100w_firmware	4.32 – 5.21	—
zyxel	atp200_firmware	4.32 – 5.21	—
zyxel	atp500_firmware	4.32 – 5.21	—
zyxel	atp700_firmware	4.32 – 5.21	—
zyxel	atp800_firmware	4.32 – 5.21	—
zyxel	atp_series_firmware	—	—
zyxel	nap203_firmware	<= 6.25\(abfa.7\)	—
zyxel	nap303_firmware	<= 6.25\(abex.7\)	—
zyxel	nap353_firmware	<= 6.25\(abey.7\)	—
zyxel	nsg100_firmware	—	—
zyxel	nsg100_firmware	>= 1.00 < 1.33	1.33
zyxel	nsg300_firmware	—	—
zyxel	nsg300_firmware	>= 1.00 < 1.33	1.33
zyxel	nsg50_firmware	—	—
zyxel	nsg50_firmware	>= 1.00 < 1.33	1.33
zyxel	nsg_series_firmware	—	—
zyxel	nwa110ax_firmware	<= 6.30\(abtg.2\)	—
zyxel	nwa1123-ac-hd_firmware	<= 6.25\(abin.6\)	—
zyxel	nwa1123-ac-pro_firmware	<= 6.25\(abhd.7\)	—
zyxel	nwa1123acv3_firmware	<= 6.30\(abvt.2\)	—
zyxel	nwa1302-ac_firmware	<= 6.25\(abku.6\)	—
zyxel	nwa210ax_firmware	<= 6.30\(abtd.2\)	—
zyxel	nwa50ax_firmware	<= 6.25\(abyw.5\)	—
zyxel	nwa5123-ac-hd_firmware	<= 6.25\(abim.6\)	—