Strix
26.1K

CVE-2022-26532

HIGHCVSS 7.8/10EPSS 4.79%

Last modified

CVE-2022-26532 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.. EPSS estimates a 4.79% chance of exploitation in the next 30 days.

Description

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
4.79%

90.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ZyxelVpn100 Firmware>= 4.30, <= 5.21
ZyxelVpn1000 Firmware>= 4.30, <= 5.21
ZyxelVpn300 Firmware>= 4.30, <= 5.21
ZyxelVpn50 Firmware>= 4.30, <= 5.21
ZyxelAtp100 Firmware>= 4.32, <= 5.21
ZyxelAtp100w Firmware>= 4.32, <= 5.21
ZyxelAtp200 Firmware>= 4.32, <= 5.21
ZyxelAtp500 Firmware>= 4.32, <= 5.21
ZyxelAtp700 Firmware>= 4.32, <= 5.21
ZyxelAtp800 Firmware>= 4.32, <= 5.21
ZyxelUsg 110 Firmware>= 4.09, <= 4.71
ZyxelUsg 1100 Firmware>= 4.09, <= 4.71
ZyxelUsg 1900 Firmware>= 4.09, <= 4.71
ZyxelUsg 20w Firmware>= 4.09, <= 4.71
ZyxelUsg 20w-Vpn Firmware>= 4.09, <= 4.71
ZyxelUsg 2200-Vpn Firmware>= 4.09, <= 4.71
ZyxelUsg 310 Firmware>= 4.09, <= 4.71
ZyxelUsg 40 Firmware>= 4.09, <= 4.71
ZyxelUsg 40w Firmware>= 4.09, <= 4.71
ZyxelUsg 60 Firmware>= 4.09, <= 4.71
ZyxelUsg 60w Firmware>= 4.09, <= 4.71
ZyxelUsg Flex 100 Firmware>= 4.50, <= 5.21
ZyxelUsg Flex 100w Firmware>= 4.50, <= 5.21
ZyxelUsg Flex 200 Firmware>= 4.50, <= 5.21
ZyxelUsg Flex 500 Firmware>= 4.50, <= 5.21
ZyxelUsg Flex 700 Firmware>= 4.50, <= 5.21
ZyxelUsg200 Firmware>= 4.09, <= 4.71
ZyxelUsg20 Firmware>= 4.09, <= 4.71
ZyxelUsg210 Firmware>= 4.09, <= 4.71
ZyxelUsg2200 Firmware>= 4.09, <= 4.71
ZyxelUsg300 Firmware>= 4.09, <= 4.71
ZyxelUsg310 Firmware>= 4.09, <= 4.71
ZyxelNsg300 Firmware>= 1.00, < 1.33
ZyxelNsg300 Firmware1.33
ZyxelNsg100 Firmware>= 1.00, < 1.33
ZyxelNsg100 Firmware1.33
ZyxelNsg50 Firmware>= 1.00, < 1.33
ZyxelNsg50 Firmware1.33
ZyxelNxc2500 Firmware<= 6.10\(aaig.3\)
ZyxelNxc5500 Firmware<= 6.10\(aaos.3\)
ZyxelNap203 Firmware<= 6.25\(abfa.7\)
ZyxelNap303 Firmware<= 6.25\(abex.7\)
ZyxelNap353 Firmware<= 6.25\(abey.7\)
ZyxelNwa50ax Firmware<= 6.25\(abyw.5\)
ZyxelNwa55axe Firmware<= 6.25\(abzl.5\)
ZyxelNwa90ax Firmware<= 6.27\(accv.2\)
ZyxelNwa110ax Firmware<= 6.30\(abtg.2\)
ZyxelNwa210ax Firmware<= 6.30\(abtd.2\)
ZyxelNwa1123-Ac-Hd Firmware<= 6.25\(abin.6\)
ZyxelNwa1123-Ac-Pro Firmware<= 6.25\(abhd.7\)

Showing 50 of 68 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-26532?
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
How severe is CVE-2022-26532?
CVE-2022-26532 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 4.79% probability of exploitation in the next 30 days.
How do I fix CVE-2022-26532?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-26532?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST