CVE-2022-0342

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-03-2022 03:15

Last modified: - 04-04-2022 07:27

Total changes: - 2

Description

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

9.8

Base score

3.9

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=zyxel AND product=usg40_firmware AND versionStartIncluding=4.20 AND versionEndExcluding=4.71

vendor=zyxel AND product=usg40 AND version=-

AND

vendor=zyxel AND product=usg40w_firmware AND versionStartIncluding=4.20 AND versionEndExcluding=4.71

vendor=zyxel AND product=usg40w AND version=-

AND

vendor=zyxel AND product=usg60_firmware AND versionStartIncluding=4.20 AND versionEndExcluding=4.71

vendor=zyxel AND product=usg60 AND version=-

AND

vendor=zyxel AND product=usg60w_firmware AND versionStartIncluding=4.20 AND versionEndExcluding=4.71

vendor=zyxel AND product=usg60w AND version=-

AND

vendor=zyxel AND product=zywall_110_firmware AND versionStartIncluding=4.20 AND versionEndExcluding=4.71

vendor=zyxel AND product=zywall_110 AND version=-

AND

vendor=zyxel AND product=zywall_310_firmware AND versionStartIncluding=4.20 AND versionEndExcluding=4.71

vendor=zyxel AND product=zywall_310 AND version=-

AND

vendor=zyxel AND product=zywall_1100_firmware AND versionStartIncluding=4.20 AND versionEndExcluding=4.71

vendor=zyxel AND product=zywall_1100 AND version=-

AND

vendor=zyxel AND product=usg_flex_100_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.50

vendor=zyxel AND product=usg_flex_100 AND version=-

AND

vendor=zyxel AND product=usg_flex_200_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.50

vendor=zyxel AND product=usg_flex_200 AND version=-

AND

vendor=zyxel AND product=usg_flex_500_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.50

vendor=zyxel AND product=usg_flex_500 AND version=-

AND

vendor=zyxel AND product=usg_flex_100w_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.50

vendor=zyxel AND product=usg_flex_100w AND version=-

AND

vendor=zyxel AND product=usg_flex_700_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.50

vendor=zyxel AND product=usg_flex_700 AND version=-

AND

vendor=zyxel AND product=atp100_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.32

vendor=zyxel AND product=atp100 AND version=-

AND

vendor=zyxel AND product=atp100w_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.32

vendor=zyxel AND product=atp100w AND version=-

AND

vendor=zyxel AND product=atp200_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.32

vendor=zyxel AND product=atp200 AND version=-

AND

vendor=zyxel AND product=atp500_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.32

vendor=zyxel AND product=atp500 AND version=-

AND

vendor=zyxel AND product=atp700_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.32

vendor=zyxel AND product=atp700 AND version=-

AND

vendor=zyxel AND product=atp800_firmware AND versionEndIncluding=5.20 AND versionStartIncluding=4.32

vendor=zyxel AND product=atp800 AND version=-

AND

vendor=zyxel AND product=vpn50_firmware AND versionStartIncluding=4.30 AND versionEndExcluding=5.21

vendor=zyxel AND product=vpn50 AND version=-

AND

vendor=zyxel AND product=vpn100_firmware AND versionStartIncluding=4.30 AND versionEndExcluding=5.21

vendor=zyxel AND product=vpn100 AND version=-

AND

vendor=zyxel AND product=vpn300_firmware AND versionStartIncluding=4.30 AND versionEndExcluding=5.21

vendor=zyxel AND product=vpn300 AND version=-

AND

vendor=zyxel AND product=vpn1000_firmware AND versionStartIncluding=4.30 AND versionEndExcluding=5.21

vendor=zyxel AND product=vpn1000 AND version=-

AND

vendor=zyxel AND product=nsg300_firmware AND versionStartIncluding=1.20 AND versionEndExcluding=1.33

vendor=zyxel AND product=nsg300_firmware AND version=1.33 AND update=-

vendor=zyxel AND product=nsg300_firmware AND version=1.33 AND update=p4

vendor=zyxel AND product=nsg300 AND version=-

Reference

https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml

Keywords

CVE-2022-0342

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-0342

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures