CVE-2022-0342

EPSS 92.29%
Published 28.03.2022 13:15:07
Last modified 21.11.2024 06:38:25
Source security@zyxel.com.tw
Teams watchlist Login
Open Login

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zyxel ≫ Usg40 Firmware Version >= 4.20 < 4.71

Zyxel ≫ Usg40 Version-

Zyxel ≫ Usg40w Firmware Version >= 4.20 < 4.71

Zyxel ≫ Usg40w Version-

Zyxel ≫ Usg60 Firmware Version >= 4.20 < 4.71

Zyxel ≫ Usg60 Version-

Zyxel ≫ Usg60w Firmware Version >= 4.20 < 4.71

Zyxel ≫ Usg60w Version-

Zyxel ≫ Zywall 110 Firmware Version >= 4.20 < 4.71

Zyxel ≫ Zywall 110 Version-

Zyxel ≫ Zywall 310 Firmware Version >= 4.20 < 4.71

Zyxel ≫ Zywall 310 Version-

Zyxel ≫ Zywall 1100 Firmware Version >= 4.20 < 4.71

Zyxel ≫ Zywall 1100 Version-

Zyxel ≫ Usg Flex 100 Firmware Version >= 4.50 <= 5.20

Zyxel ≫ Usg Flex 100 Version-

Zyxel ≫ Usg Flex 200 Firmware Version >= 4.50 <= 5.20

Zyxel ≫ Usg Flex 200 Version-

Zyxel ≫ Usg Flex 500 Firmware Version >= 4.50 <= 5.20

Zyxel ≫ Usg Flex 500 Version-

Zyxel ≫ Usg Flex 100w Firmware Version >= 4.50 <= 5.20

Zyxel ≫ Usg Flex 100w Version-

Zyxel ≫ Usg Flex 700 Firmware Version >= 4.50 <= 5.20

Zyxel ≫ Usg Flex 700 Version-

Zyxel ≫ Atp100 Firmware Version >= 4.32 <= 5.20

Zyxel ≫ Atp100 Version-

Zyxel ≫ Atp100w Firmware Version >= 4.32 <= 5.20

Zyxel ≫ Atp100w Version-

Zyxel ≫ Atp200 Firmware Version >= 4.32 <= 5.20

Zyxel ≫ Atp200 Version-

Zyxel ≫ Atp500 Firmware Version >= 4.32 <= 5.20

Zyxel ≫ Atp500 Version-

Zyxel ≫ Atp700 Firmware Version >= 4.32 <= 5.20

Zyxel ≫ Atp700 Version-

Zyxel ≫ Atp800 Firmware Version >= 4.32 <= 5.20

Zyxel ≫ Atp800 Version-

Zyxel ≫ Vpn50 Firmware Version >= 4.30 < 5.21

Zyxel ≫ Vpn50 Version-

Zyxel ≫ Vpn100 Firmware Version >= 4.30 < 5.21

Zyxel ≫ Vpn100 Version-

Zyxel ≫ Vpn300 Firmware Version >= 4.30 < 5.21

Zyxel ≫ Vpn300 Version-

Zyxel ≫ Vpn1000 Firmware Version >= 4.30 < 5.21

Zyxel ≫ Vpn1000 Version-

Zyxel ≫ Nsg300 Firmware Version >= 1.20 < 1.33

Zyxel ≫ Nsg300 Version-

Zyxel ≫ Nsg300 Firmware Version1.33 Update-

Zyxel ≫ Nsg300 Version-

Zyxel ≫ Nsg300 Firmware Version1.33 Updatep4

Zyxel ≫ Nsg300 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	92.29%	0.997

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security@zyxel.com.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0342

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0342

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0342

EUVD