Lucene search

[email protected]CVE-2022-2030

HistoryJul 19, 2022 - 6:15 a.m.

CVE-2022-2030

2022-07-1906:15:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2022

2030

directory traversal

vulnerability

zyxel

usg flex

cgi

firmware

security

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.1%

JSON

A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.

CPENameOperatorVersion
zyxel:usg_flex_100w_firmwarezyxel usg flex 100w firmwarele5.30
zyxel:usg_flex_200_firmwarezyxel usg flex 200 firmwarele5.30
zyxel:usg_flex_500_firmwarezyxel usg flex 500 firmwarele5.30
zyxel:usg_flex_700_firmwarezyxel usg flex 700 firmwarele5.30
zyxel:usg_flex_50w_firmwarezyxel usg flex 50w firmwarele5.30
zyxel:usg20w-vpn_firmwarezyxel usg20w-vpn firmwarele5.30
zyxel:atp800_firmwarezyxel atp800 firmwarele5.30
zyxel:atp700_firmwarezyxel atp700 firmwarele5.30
zyxel:atp500_firmwarezyxel atp500 firmwarele5.30
zyxel:atp200_firmwarezyxel atp200 firmwarele5.30

CPE	Name	Operator	Version
zyxel:usg_flex_100w_firmware	zyxel usg flex 100w firmware	le	5.30
zyxel:usg_flex_200_firmware	zyxel usg flex 200 firmware	le	5.30
zyxel:usg_flex_500_firmware	zyxel usg flex 500 firmware	le	5.30
zyxel:usg_flex_700_firmware	zyxel usg flex 700 firmware	le	5.30
zyxel:usg_flex_50w_firmware	zyxel usg flex 50w firmware	le	5.30
zyxel:usg20w-vpn_firmware	zyxel usg20w-vpn firmware	le	5.30
zyxel:atp800_firmware	zyxel atp800 firmware	le	5.30
zyxel:atp700_firmware	zyxel atp700 firmware	le	5.30
zyxel:atp500_firmware	zyxel atp500 firmware	le	5.30
zyxel:atp200_firmware	zyxel atp200 firmware	le	5.30

Rows per page:

1-10 of 251

References

www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.1%

JSON

Related for CVE-2022-2030

prion1 cvelist1 thn1