Argument Injection Vulnerability in Zyxel USG/ZyWALL Series Firmware
CVE-2022-26532

7.8HIGH

Key Information:

Vendor

Zyxel
Status
Usg/zywall Series Firmware
Usg Flex Series Firmware
Atp Series Firmware
Vpn Series Firmware
Vendor
CVE Published:
24 May 2022

What is CVE-2022-26532?

A vulnerability exists within the 'packet-trace' CLI command in various Zyxel firmware versions, allowing a local authenticated attacker to inject crafted arguments that could potentially execute arbitrary operating system commands. This poses a significant security risk for network environments relying on affected Zyxel products, highlighting the need for timely updates and strong access controls.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ATP series firmware 4.32 through 5.21

NAP203 firmware <= 6.25(ABFA.7)

NSG series firmware 1.00 through 1.33 Patch 4

References

https://www.zyxel.com/support/multiple-vulnerabilities-of...
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2022/Jun/15
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/167464/Zyxel-Buffer-...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.