Command Injection Vulnerability in Zyxel VMG3312-T20A Firmware
CVE-2022-26413

8HIGH

Key Information:

Vendor: Zyxel
Status: Vmg3312-t20a Firmware
Vendor: CVE Published:; 11 April 2022

What is CVE-2022-26413?

The Zyxel VMG3312-T20A firmware is susceptible to a command injection vulnerability within its CGI program. This flaw allows local authenticated attackers to execute arbitrary operating system commands through the LAN interface, posing a risk to device integrity and network security. It is crucial for users to apply security patches to mitigate potential threats.

Affected Version(s)

VMG3312-T20A firmware V5.30(ABFX.5)C0

References

https://www.zyxel.com/support/OS-command-injection-and-bu...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2022
Vulnerability Reserved
Mar 4, 2022