CVE-2022-26532

CWE-88 CWE-78 — OS Command Injection3 documents3 sources

Severity

7.8HIGH

EPSS

1.7%

top 17.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nsg100 Firmware Zyxel Nsg300 Firmware Zyxel Nsg50 Firmware +67 more

Timeline

PublishedMay 24

Latest updateMay 25

Description

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and e…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages75 packages

▶CVEListV5zyxel/usg_flex_series_firmware4.50 through 5.21

▶CVEListV5zyxel/usg/zywall_series_firmware4.09 through 4.71

▶CVEListV5zyxel/atp_series_firmware4.32 through 5.21

▶CVEListV5zyxel/nsg_series_firmware1.00 through 1.33 Patch 4

▶CVEListV5zyxel/vpn_series_firmware4.30 through 5.21

🔴Vulnerability Details

GHSA

GHSA-gfh5-53xq-j227: A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4↗2022-05-25

▶

CVEList

CVE-2022-26532: A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4↗2022-05-24

▶