Directory Traversal Vulnerability in Zyxel USG FLEX and VPN Series Products
CVE-2022-2030
6.5MEDIUM
Key Information:
- Vendor
Zyxel
- Vendor
- CVE Published:
- 19 July 2022
What is CVE-2022-2030?
A directory traversal vulnerability in Zyxel's firewall CGI programs allows an authenticated attacker to exploit improper sanitization of specific character sequences in URLs, potentially granting access to sensitive files restricted from general access. This flaw affects a range of Zyxel USG FLEX devices and VPN series firmware, necessitating prompt attention and remediation to protect against unauthorized file access.
Affected Version(s)
ATP series firmware 4.32 through 5.30
USG 20(W)-VPN firmware 4.16 through 5.30
USG FLEX 100(W) firmware 4.50 through 5.30