Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-26413

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

Published

2022-04-11T13:15:07.763

Last Modified

2024-11-21T06:53:54.313

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

5.1

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	vmg3312-t20a_firmware	5.30\(abfx.5\)c0	Yes
Hardware	zyxel	vmg3312-t20a	-	No
Operating System	zyxel	emg3525-t50b_firmware	< 5.50\(abpm.6\)c0	Yes
Operating System	zyxel	emg3525-t50b_firmware	< 5.50\(abpm.6\)c0	Yes
Hardware	zyxel	emg3525-t50b	-	No
Operating System	zyxel	emg5523-t50b_firmware	< 5.50\(abpm.6\)c0	Yes
Operating System	zyxel	emg5523-t50b_firmware	< 5.50\(abpm.6\)c0	Yes
Hardware	zyxel	emg5523-t50b	-	No
Operating System	zyxel	emg5723-t50k_firmware	< 5.50\(abom.7\)c0	Yes
Hardware	zyxel	emg5723-t50k	-	No
Operating System	zyxel	emg6726-b10a_firmware	< 5.13\(abnp.7\)c0	Yes
Hardware	zyxel	emg6726-b10a	-	No
Operating System	zyxel	vmg1312-t20b_firmware	< 5.50\(absb.5\)c0	Yes
Hardware	zyxel	vmg1312-t20b	-	No
Operating System	zyxel	vmg3625-t50b_firmware	< 5.50\(abpm.6\)c0	Yes
Hardware	zyxel	vmg3625-t50b	-	No
Operating System	zyxel	vmg3927-b50a_firmware	< 5.17\(abmt.6\)c0	Yes
Hardware	zyxel	vmg3927-b50a	-	No
Operating System	zyxel	vmg3927-b50b_firmware	< 5.13\(ably.7\)c0	Yes
Hardware	zyxel	vmg3927-b50b	-	No
Operating System	zyxel	vmg3927-b60a_firmware	< 5.17\(abmt.6\)c0	Yes
Hardware	zyxel	vmg3927-b60a	-	No
Operating System	zyxel	vmg3927-t50k_firmware	< 5.50\(abom.7\)c0	Yes
Hardware	zyxel	vmg3927-t50k	-	No
Operating System	zyxel	vmg4927-b50a_firmware	< 5.13\(ably.7\)c0	Yes
Hardware	zyxel	vmg4927-b50a	-	No
Operating System	zyxel	vmg8623-t50b_firmware	< 5.50\(abpm.6\)c0	Yes
Hardware	zyxel	vmg8623-t50b	-	No
Operating System	zyxel	vmg8825-b50a_firmware	< 5.17\(abmt.6\)c0	Yes
Hardware	zyxel	vmg8825-b50a	-	No
Operating System	zyxel	vmg8825-b50b_firmware	< 5.17\(abny.7\)c0	Yes
Hardware	zyxel	vmg8825-b50b	-	No
Operating System	zyxel	vmg8825-t50k_firmware	< 5.50\(abom.7\)c0	Yes
Hardware	zyxel	vmg8825-t50k	-	No
Operating System	zyxel	vmg8825-b60a_firmware	< 5.17\(abmt.6\)c0	Yes
Hardware	zyxel	vmg8825-b60a	-	No
Operating System	zyxel	vmg8825-b60b_firmware	< 5.17\(abny.7\)c0	Yes
Hardware	zyxel	vmg8825-b60b	-	No
Operating System	zyxel	xmg3927-b50a_firmware	< 5.17\(abmt.6\)c0	Yes
Hardware	zyxel	xmg3927-b50a	-	No
Operating System	zyxel	xmg8825-b50a_firmware	< 5.17\(abmt.6\)c0	Yes
Hardware	zyxel	xmg8825-b50a	-	No
Operating System	zyxel	dx5401-b0_firmware	< 5.17\(abyo.1\)c0	Yes
Hardware	zyxel	dx5401-b0	-	No
Operating System	zyxel	ex3510-b0_firmware	< 5.17\(abup.4\)c1	Yes
Hardware	zyxel	ex3510-b0	-	No
Operating System	zyxel	ex5401-b0_firmware	< 5.17\(abyo.1\)c0	Yes
Hardware	zyxel	ex5401-b0	-	No
Operating System	zyxel	ex5501-b0_firmware	< 5.17\(abry.2\)c0	Yes
Hardware	zyxel	ex5501-b0	-	No
Operating System	zyxel	ax7501-b0_firmware	< 5.17\(abpc.1\)c0	Yes
Hardware	zyxel	ax7501-b0	-	No
Operating System	zyxel	ep240p_firmware	< 5.40\(abh.0\)c0	Yes
Hardware	zyxel	ep240p	-	No
Operating System	zyxel	pm7300-t0_firmware	< 5.42\(acbc.1\)c0	Yes
Hardware	zyxel	pm7300-t0	-	No
Operating System	zyxel	pmg5317-t20b_firmware	< 5.40\(abki.4\)c0	Yes
Hardware	zyxel	pmg5317-t20b	-	No
Operating System	zyxel	pmg5617ga_firmware	< 5.40\(abna.2\)c0	Yes
Hardware	zyxel	pmg5617ga	-	No
Operating System	zyxel	pmg5617-t20b2_firmware	< 5.41\(acbb.1\)c0	Yes
Hardware	zyxel	pmg5617-t20b2	-	No
Operating System	zyxel	pmg5622ga_firmware	< 5.40\(abnb.2\)c0	Yes
Hardware	zyxel	pmg5622ga	-	No
Operating System	zyxel	px7501-b0_firmware	< 5.17\(abpc.1\)c0	Yes
Hardware	zyxel	px7501-b0	-	No

References

https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml Vendor Advisory ([email protected])
https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)