Versio.io

CVE-2022-0910

Common vulnerabilities & exposures (CVE)

 
Published at: 24-05-2022 05:15
Last modified: 06-06-2022 08:17
Total changes: 2

Description

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21 could allow an authenticated attacker to bypass the second authentication phase and connect to the IPsec VPN server even though two-factor authentication (2FA) was enabled.

Common Vulnerability Scoring System (CVSS)

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Base score: 6.5
Exploitability score: 2.8
Impact score: 3.6
 

Verification logic

OR
AND
OR
vendor=zyxel AND product=vpn100_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=vpn100 AND version=-
AND
OR
vendor=zyxel AND product=vpn1000_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=vpn1000 AND version=-
AND
OR
vendor=zyxel AND product=vpn300_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=vpn300 AND version=-
AND
OR
vendor=zyxel AND product=vpn50_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=vpn50 AND version=-
AND
OR
vendor=zyxel AND product=atp100_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=atp100 AND version=-
AND
OR
vendor=zyxel AND product=atp100w_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=atp100w AND version=-
AND
OR
vendor=zyxel AND product=atp200_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=atp200 AND version=-
AND
OR
vendor=zyxel AND product=atp500_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=atp500 AND version=-
AND
OR
vendor=zyxel AND product=atp700_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=atp700 AND version=-
AND
OR
vendor=zyxel AND product=atp800_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=atp800 AND version=-
AND
OR
vendor=zyxel AND product=usg_110_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_110 AND version=-
AND
OR
vendor=zyxel AND product=usg_1100_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_1100 AND version=-
AND
OR
vendor=zyxel AND product=usg_1900_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_1900 AND version=-
AND
OR
vendor=zyxel AND product=usg_20w_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_20w AND version=-
AND
OR
vendor=zyxel AND product=usg_20w-vpn_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_20w-vpn AND version=-
AND
OR
vendor=zyxel AND product=usg_2200-vpn_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_2200-vpn AND version=-
AND
OR
vendor=zyxel AND product=usg_310_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_310 AND version=-
AND
OR
vendor=zyxel AND product=usg_40_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_40 AND version=-
AND
OR
vendor=zyxel AND product=usg_40w_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_40w AND version=-
AND
OR
vendor=zyxel AND product=usg_60_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_60 AND version=-
AND
OR
vendor=zyxel AND product=usg_60w_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg_60w AND version=-
AND
OR
vendor=zyxel AND product=usg_flex_100_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.50
OR
vendor=zyxel AND product=usg_flex_100 AND version=-
AND
OR
vendor=zyxel AND product=usg_flex_100w_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.50
OR
vendor=zyxel AND product=usg_flex_100w AND version=-
AND
OR
vendor=zyxel AND product=usg_flex_200_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.50
OR
vendor=zyxel AND product=usg_flex_200 AND version=-
AND
OR
vendor=zyxel AND product=usg_flex_500_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.50
OR
vendor=zyxel AND product=usg_flex_500 AND version=-
AND
OR
vendor=zyxel AND product=usg_flex_700_firmware AND versionEndIncluding=5.21 AND versionStartIncluding=4.50
OR
vendor=zyxel AND product=usg_flex_700 AND version=-
AND
OR
vendor=zyxel AND product=usg200_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg200 AND version=-
AND
OR
vendor=zyxel AND product=usg20_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg20 AND version=-
AND
OR
vendor=zyxel AND product=usg210_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg210 AND version=-
AND
OR
vendor=zyxel AND product=usg2200_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg2200 AND version=-
AND
OR
vendor=zyxel AND product=usg300_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg300 AND version=-
AND
OR
vendor=zyxel AND product=usg310_firmware AND versionEndIncluding=4.71 AND versionStartIncluding=4.32
OR
vendor=zyxel AND product=usg310 AND version=-
 
