Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-30526

Severity: 7.8 HIGH
EPSS: 2.5% (top 14.60%)
CISA KEV: Not in KEV
Exploit: PoC available (Public exploit / PoC exists)
Timeline: Published Jul 19 | Latest update Jul 20

Description

A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series f

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (34 packages)

NVD | zyxel/usg_flex_200_firmware | 4.50 | 5.30
NVD | zyxel/usg_flex_500_firmware | 4.50 | 5.30
NVD | zyxel/usg_flex_50w_firmware | 4.16 | 5.30
NVD | zyxel/usg_flex_700_firmware | 4.50 | 5.30
NVD | zyxel/usg_flex_100w_firmware | 4.50 | 5.30

🔴 Vulnerability Details (2)

GHSA | GHSA-8f7x-36qv-2prx: A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4 | 2022-07-20
CVEList | CVE-2022-30526: A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4 | 2022-07-19

💥 Exploits & PoCs (1)

Metasploit | Zyxel Firewall SUID Binary Privilege Escalation