8
CVE-2022-26413
- EPSS 0.63%
- Published 11.04.2022 13:15:07
- Last modified 21.11.2024 06:53:54
- Source security@zyxel.com.tw
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
Data is provided by the National Vulnerability Database (NVD)
Zyxel ≫ Vmg3312-t20a Firmware Version 5.30(abfx.5)c0
Zyxel ≫ Emg3525-t50b Firmware SwEdition america Version < 5.50(abpm.6)c0
Zyxel ≫ Emg3525-t50b Firmware SwEdition emea Version < 5.50(abpm.6)c0
Zyxel ≫ Emg5523-t50b Firmware SwEdition america Version < 5.50(abpm.6)c0
Zyxel ≫ Emg5523-t50b Firmware SwEdition emea Version < 5.50(abpm.6)c0
Zyxel ≫ Emg5723-t50k Firmware Version < 5.50(abom.7)c0
Zyxel ≫ Emg6726-b10a Firmware Version < 5.13(abnp.7)c0
Zyxel ≫ Vmg1312-t20b Firmware Version < 5.50(absb.5)c0
Zyxel ≫ Vmg3625-t50b Firmware Version < 5.50(abpm.6)c0
Zyxel ≫ Vmg3927-b50a Firmware Version < 5.17(abmt.6)c0
Zyxel ≫ Vmg3927-b50b Firmware Version < 5.13(ably.7)c0
Zyxel ≫ Vmg3927-b60a Firmware Version < 5.17(abmt.6)c0
Zyxel ≫ Vmg3927-t50k Firmware Version < 5.50(abom.7)c0
Zyxel ≫ Vmg4927-b50a Firmware Version < 5.13(ably.7)c0
Zyxel ≫ Vmg8623-t50b Firmware Version < 5.50(abpm.6)c0
Zyxel ≫ Vmg8825-b50a Firmware Version < 5.17(abmt.6)c0
Zyxel ≫ Vmg8825-b50b Firmware Version < 5.17(abny.7)c0
Zyxel ≫ Vmg8825-t50k Firmware Version < 5.50(abom.7)c0
Zyxel ≫ Vmg8825-b60a Firmware Version < 5.17(abmt.6)c0
Zyxel ≫ Vmg8825-b60b Firmware Version < 5.17(abny.7)c0
Zyxel ≫ Xmg3927-b50a Firmware Version < 5.17(abmt.6)c0
Zyxel ≫ Xmg8825-b50a Firmware Version < 5.17(abmt.6)c0
Zyxel ≫ Dx5401-b0 Firmware Version < 5.17(abyo.1)c0
Zyxel ≫ Ex3510-b0 Firmware Version < 5.17(abup.4)c1
Zyxel ≫ Ex5401-b0 Firmware Version < 5.17(abyo.1)c0
Zyxel ≫ Ex5501-b0 Firmware Version < 5.17(abry.2)c0
Zyxel ≫ Ax7501-b0 Firmware Version < 5.17(abpc.1)c0
Zyxel ≫ Ep240p Firmware Version < 5.40(abh.0)c0
Zyxel ≫ Pm7300-t0 Firmware Version < 5.42(acbc.1)c0
Zyxel ≫ Pmg5317-t20b Firmware Version < 5.40(abki.4)c0
Zyxel ≫ Pmg5617ga Firmware Version < 5.40(abna.2)c0
Zyxel ≫ Pmg5617-t20b2 Firmware Version < 5.41(acbb.1)c0
Zyxel ≫ Pmg5622ga Firmware Version < 5.40(abnb.2)c0
Zyxel ≫ Px7501-b0 Firmware Version < 5.17(abpc.1)c0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.63% | 0.692 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8 | 2.1 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.7 | 5.1 | 10 | AV:A/AC:L/Au:S/C:C/I:C/A:C |
security@zyxel.com.tw | 8 | 2.1 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.