Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-0734
HistoryMay 24, 2022 - 3:15 a.m.

CVE-2022-0734

2022-05-2403:15:09
CWE-79
[email protected]
web.nvd.nist.gov
65
23
cve-2022-0734
cross-site scripting
zyxel
firmware
security vulnerability
cgi program
usg
zywall
atp
vpn

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script.

Affected configurations

NVD
Node
zyxelvpn100_firmwareRange4.355.20
AND
zyxelvpn100Match-
Node
zyxelvpn1000_firmwareRange4.355.20
AND
zyxelvpn1000Match-
Node
zyxelvpn300_firmwareRange4.355.20
AND
zyxelvpn300Match-
Node
zyxelvpn50_firmwareRange4.355.20
AND
zyxelvpn50Match-
Node
zyxelatp100_firmwareRange4.355.20
AND
zyxelatp100Match-
Node
zyxelatp100w_firmwareRange4.355.20
AND
zyxelatp100wMatch-
Node
zyxelatp200_firmwareRange4.355.20
AND
zyxelatp200Match-
Node
zyxelatp500_firmwareRange4.355.20
AND
zyxelatp500Match-
Node
zyxelatp700_firmwareRange4.355.20
AND
zyxelatp700Match-
Node
zyxelatp800_firmwareRange4.355.20
AND
zyxelatp800Match-
Node
zyxelusg_110_firmwareRange4.354.70
AND
zyxelusg_110Match-
Node
zyxelusg_1100_firmwareRange4.354.70
AND
zyxelusg_1100Match-
Node
zyxelusg_1900_firmwareRange4.354.70
AND
zyxelusg_1900Match-
Node
zyxelusg_20w_firmwareRange4.354.70
AND
zyxelusg_20wMatch-
Node
zyxelusg_20w-vpn_firmwareRange4.354.70
AND
zyxelusg_20w-vpnMatch-
Node
zyxelusg_2200-vpn_firmwareRange4.354.70
AND
zyxelusg_2200-vpnMatch-
Node
zyxelusg_310_firmwareRange4.354.70
AND
zyxelusg_310Match-
Node
zyxelusg_40_firmwareRange4.354.70
AND
zyxelusg_40Match-
Node
zyxelusg_40w_firmwareRange4.354.70
AND
zyxelusg_40wMatch-
Node
zyxelusg_60_firmwareRange4.354.70
AND
zyxelusg_60Match-
Node
zyxelusg_60w_firmwareRange4.354.70
AND
zyxelusg_60wMatch-
Node
zyxelusg_flex_100_firmwareRange4.505.20
AND
zyxelusg_flex_100Match-
Node
zyxelusg_flex_100w_firmwareRange4.505.20
AND
zyxelusg_flex_100wMatch-
Node
zyxelusg_flex_200_firmwareRange4.505.20
AND
zyxelusg_flex_200Match-
Node
zyxelusg_flex_500_firmwareRange4.505.20
AND
zyxelusg_flex_500Match-
Node
zyxelusg_flex_700_firmwareRange4.505.20
AND
zyxelusg_flex_700Match-
Node
zyxelusg200_firmwareRange4.354.70
AND
zyxelusg200Match-
Node
zyxelusg20_firmwareRange4.354.70
AND
zyxelusg20Match-
Node
zyxelusg210_firmwareRange4.354.70
AND
zyxelusg210Match-
Node
zyxelusg2200_firmwareRange4.354.70
AND
zyxelusg2200Match-
Node
zyxelusg300_firmwareRange4.354.70
AND
zyxelusg300Match-
Node
zyxelusg310_firmwareRange4.354.70
AND
zyxelusg310Match-

CNA Affected

[
  {
    "product": "USG/ZyWALL series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.35 through 4.70"
      }
    ]
  },
  {
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.20"
      }
    ]
  },
  {
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.35 through 5.20"
      }
    ]
  },
  {
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.35 through 5.20"
      }
    ]
  }
]

Social References

More

Related

nvd 1
cvelist 1
prion 1
thn 1
nvd
nvd
CVE-2022-0734
2022-05-24 03:15:09
cvelist
cvelist
CVE-2022-0734
2022-05-24 02:10:12
prion
prion
Cross site scripting
2022-05-24 03:15:00
thn
thn
Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices
2022-05-27 07:28:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON
Related for CVE-2022-0734
nvd1cvelist1prion1thn1