colinardo
Goto Top

Zyxel Firewalls security alert!

A serious vulnerability in Zyxel firewalls has been discovered, which in the worst case, can be used to execute local commands with root privileges. Security updates are already available.

The root vulnerability (CVE-2022-30526) has been rated "high" and attackers can issue their commands via the CLI component. By exploiting the second vulnerability (CVe-2022-2030 "medium"), attackers could potentially gain unauthorized access to files on the device.

back-to-topList of affected devices:

Affected model Affected versionPatch availability
CVE-2022-30526 CVE-2022-2030
USG FLEX 100(W), 200, 500, 700 ZLD V4.50~V5.30 ZLD V4.50~V5.30 ZLD V5.31
USG FLEX 50(W) / USG20(W)-VPN ZLD V4.16~V5.30 ZLD V4.16~V5.30 ZLD V5.31|
ATP series ZLD V4.32~V5.30 ZLD V4.32~V5.30 ZLD V5.31
VPN series ZLD V4.30~V5.30 ZLD V4.30~V5.30 ZLD V5.31
USG/ZyWALL ZLD V4.09~V4.72 ZLD V4.11~V4.72 ZLD V4.72 week28*

Zyxel security advisory for local privilege escalation and authenticated directory traversal vulnerabilities of firewalls

Regards @colinardo

Content-Key: 3387621006

Url: https://administrator.de/contentid/3387621006

Printed on: December 3, 2022 at 22:12 o'clock