Lucene search

[email protected]CVE-2022-26413

HistoryApr 11, 2022 - 1:15 p.m.

CVE-2022-26413

2022-04-1113:15:00

CWE-78

[email protected]

web.nvd.nist.gov

326

zyxel

vmg3312-t20a

firmware

5.30(abfx.5)c0

command injection

vulnerability

lan interface

nvd

cve-2022-26413

8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

CPENameOperatorVersion
zyxel:vmg3312-t20a_firmwarezyxel vmg3312-t20a firmwareeq5.30\(abfx.5\)c0
zyxel:emg3525-t50b_firmwarezyxel emg3525-t50b firmwarelt5.50\(abpm.6\)c0
zyxel:emg5523-t50b_firmwarezyxel emg5523-t50b firmwarelt5.50\(abpm.6\)c0
zyxel:emg5723-t50k_firmwarezyxel emg5723-t50k firmwarelt5.50\(abom.7\)c0
zyxel:emg6726-b10a_firmwarezyxel emg6726-b10a firmwarelt5.13\(abnp.7\)c0
zyxel:vmg1312-t20b_firmwarezyxel vmg1312-t20b firmwarelt5.50\(absb.5\)c0
zyxel:vmg3625-t50b_firmwarezyxel vmg3625-t50b firmwarelt5.50\(abpm.6\)c0
zyxel:vmg3927-b50a_firmwarezyxel vmg3927-b50a firmwarelt5.17\(abmt.6\)c0
zyxel:vmg3927-b50b_firmwarezyxel vmg3927-b50b firmwarelt5.13\(ably.7\)c0
zyxel:vmg3927-b60a_firmwarezyxel vmg3927-b60a firmwarelt5.17\(abmt.6\)c0

CPE	Name	Operator	Version
zyxel:vmg3312-t20a_firmware	zyxel vmg3312-t20a firmware	eq	5.30\(abfx.5\)c0
zyxel:emg3525-t50b_firmware	zyxel emg3525-t50b firmware	lt	5.50\(abpm.6\)c0
zyxel:emg5523-t50b_firmware	zyxel emg5523-t50b firmware	lt	5.50\(abpm.6\)c0
zyxel:emg5723-t50k_firmware	zyxel emg5723-t50k firmware	lt	5.50\(abom.7\)c0
zyxel:emg6726-b10a_firmware	zyxel emg6726-b10a firmware	lt	5.13\(abnp.7\)c0
zyxel:vmg1312-t20b_firmware	zyxel vmg1312-t20b firmware	lt	5.50\(absb.5\)c0
zyxel:vmg3625-t50b_firmware	zyxel vmg3625-t50b firmware	lt	5.50\(abpm.6\)c0
zyxel:vmg3927-b50a_firmware	zyxel vmg3927-b50a firmware	lt	5.17\(abmt.6\)c0
zyxel:vmg3927-b50b_firmware	zyxel vmg3927-b50b firmware	lt	5.13\(ably.7\)c0
zyxel:vmg3927-b60a_firmware	zyxel vmg3927-b60a firmware	lt	5.17\(abmt.6\)c0

Rows per page:

1-10 of 321

References

www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml

8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for CVE-2022-26413

prion1 thn1