Authentication Bypass Vulnerability in Zyxel Firewalls
CVE-2022-0342
9.8 CRITICAL
Key Information:
- Vendor: Zyxel
- CVE Published: 28 March 2022
Summary
This vulnerability exists in the CGI program of several Zyxel firewall series. It allows an attacker to bypass web authentication and gain unauthorized administrative access to the device. Affected devices include the USG/ZyWALL, USG FLEX, ATP, VPN, and NSG series, spanning multiple firmware versions. Timely updates and security measures are essential to safeguard against potential exploits.
Affected Version(s)
ATP series firmware 4.32 through 5.20
NSG series firmware 1.20 through 1.33 Patch 4
USG FLEX series firmware 4.50 through 5.20
EPSS Score
9% chance of being exploited in the next 30 days.
CVSS V3.1
- Score: 9.8
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved