CVE-2022-26531

🗓️ 24 May 2022 00:00:00Reported by ZyxelType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 91 Views

CVE-2022-26531: Multiple input validation flaws in Zyxel firmwar

Reporter	Title	Published	Views	Family All 15
0day.today	Zyxel zysh - Format string Exploit	11 Feb 202400:00	–	zdt
ATTACKERKB	CVE-2022-26531	24 May 202206:15	–	attackerkb
Circl	CVE-2022-26531	24 May 202212:41	–	circl
CNNVD	Zyxel USG/ZyWALL 输入验证错误漏洞	24 May 202200:00	–	cnnvd
Cvelist	CVE-2022-26531	24 May 202200:00	–	cvelist
Exploit DB	Zyxel zysh - Format string	9 Feb 202400:00	–	exploitdb
EUVD	EUVD-2022-31088	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Zyxel products	25 May 202200:00	–	ncsc
NVD	CVE-2022-26531	24 May 202206:15	–	nvd
Packet Storm	Zyxel Buffer Overflow / Format String / Command Injection	19 Jun 202200:00	–	packetstorm

NVD

Node

zyxel vpn100_firmwareRange4.30–5.21

AND

zyxel vpn100Match-

Node

zyxel vpn1000_firmwareRange4.30–5.21

AND

zyxel vpn1000Match-

Node

zyxel vpn300_firmwareRange4.30–5.21

AND

zyxel vpn300Match-

Node

zyxel vpn50_firmwareRange4.30–5.21

AND

zyxel vpn50Match-

Node

zyxel atp100_firmwareRange4.32–5.21

AND

zyxel atp100Match-

Node

zyxel atp100w_firmwareRange4.32–5.21

AND

zyxel atp100wMatch-

Node

zyxel atp200_firmwareRange4.32–5.21

AND

zyxel atp200Match-

Node

zyxel atp500_firmwareRange4.32–5.21

AND

zyxel atp500Match-

Node

zyxel atp700_firmwareRange4.32–5.21

AND

zyxel atp700Match-

Node

zyxel atp800_firmwareRange4.32–5.21

AND

zyxel atp800Match-

Node

zyxel usg_110_firmwareRange4.09–4.71

AND

zyxel usg_110Match-

Node

zyxel usg_1100_firmwareRange4.09–4.71

AND

zyxel usg_1100Match-

Node

zyxel usg_1900_firmwareRange4.09–4.71

AND

zyxel usg_1900Match-

Node

zyxel usg_20w_firmwareRange4.09–4.71

AND

zyxel usg_20wMatch-

Node

zyxel usg_20w-vpn_firmwareRange4.09–4.71

AND

zyxel usg_20w-vpnMatch-

Node

zyxel usg_2200-vpn_firmwareRange4.09–4.71

AND

zyxel usg_2200-vpnMatch-

Node

zyxel usg_310_firmwareRange4.09–4.71

AND

zyxel usg_310Match-

Node

zyxel usg_40_firmwareRange4.09–4.71

AND

zyxel usg_40Match-

Node

zyxel usg_40w_firmwareRange4.09–4.71

AND

zyxel usg_40wMatch-

Node

zyxel usg_60_firmwareRange4.09–4.71

AND

zyxel usg_60Match-

Node

zyxel usg_60w_firmwareRange4.09–4.71

AND

zyxel usg_60wMatch-

Node

zyxel usg_flex_100_firmwareRange4.50–5.21

AND

zyxel usg_flex_100Match-

Node

zyxel usg_flex_100w_firmwareRange4.50–5.21

AND

zyxel usg_flex_100wMatch-

Node

zyxel usg_flex_200_firmwareRange4.50–5.21

AND

zyxel usg_flex_200Match-

Node

zyxel usg_flex_500_firmwareRange4.50–5.21

AND

zyxel usg_flex_500Match-

Node

zyxel usg_flex_700_firmwareRange4.50–5.21

AND

zyxel usg_flex_700Match-

Node

zyxel usg200_firmwareRange4.09–4.71

AND

zyxel usg200Match-

Node

zyxel usg20_firmwareRange4.09–4.71

AND

zyxel usg20Match-

Node

zyxel usg210_firmwareRange4.09–4.71

AND

zyxel usg210Match-

Node

zyxel usg2200_firmwareRange4.09–4.71

AND

zyxel usg2200Match-

Node

zyxel usg300_firmwareRange4.09–4.71

AND

zyxel usg300Match-

Node

zyxel usg310_firmwareRange4.09–4.71

AND

zyxel usg310Match-

Node

zyxel nsg300_firmwareRange1.00–1.33

zyxel nsg300_firmwareMatch1.33-

zyxel nsg300_firmwareMatch1.33patch1

zyxel nsg300_firmwareMatch1.33patch2

zyxel nsg300_firmwareMatch1.33patch3

zyxel nsg300_firmwareMatch1.33patch4

AND

zyxel nsg300Match-

Node

zyxel nsg100_firmwareRange1.00–1.33

zyxel nsg100_firmwareMatch1.33-

zyxel nsg100_firmwareMatch1.33patch1

zyxel nsg100_firmwareMatch1.33patch2

zyxel nsg100_firmwareMatch1.33patch3

zyxel nsg100_firmwareMatch1.33patch4

AND

zyxel nsg100Match-

Node

zyxel nsg50_firmwareRange1.00–1.33

zyxel nsg50_firmwareMatch1.33-

zyxel nsg50_firmwareMatch1.33patch1

zyxel nsg50_firmwareMatch1.33patch2

zyxel nsg50_firmwareMatch1.33patch3

zyxel nsg50_firmwareMatch1.33patch4

AND

zyxel nsg50Match-

Node

zyxel nxc2500_firmwareRange≤6.10(aaig.3)

AND

zyxel nxc2500Match-

Node

zyxel nxc5500_firmwareRange≤6.10(aaos.3)

AND

zyxel nxc5500Match-

Node

zyxel nap203_firmwareRange≤6.25(abfa.7)

AND

zyxel nap203Match-

Node

zyxel nap303_firmwareRange≤6.25(abex.7)

AND

zyxel nap303Match-

Node

zyxel nap353_firmwareRange≤6.25(abey.7)

AND

zyxel nap353Match-

Node

zyxel nwa50ax_firmwareRange≤6.25(abyw.5)

AND

zyxel nwa50axMatch-

Node

zyxel nwa55axe_firmwareRange≤6.25(abzl.5)

AND

zyxel nwa55axeMatch-

Node

zyxel nwa90ax_firmwareRange≤6.27(accv.2)

AND

zyxel nwa90axMatch-

Node

zyxel nwa110ax_firmwareRange≤6.30(abtg.2)

AND

zyxel nwa110axMatch-

Node

zyxel nwa210ax_firmwareRange≤6.30(abtd.2)

AND

zyxel nwa210axMatch-

Node

zyxel nwa1123-ac-hd_firmwareRange≤6.25(abin.6)

AND

zyxel nwa1123-ac-hdMatch-

Node

zyxel nwa1123-ac-pro_firmwareRange≤6.25(abhd.7)

AND

zyxel nwa1123-ac-proMatch-

Node

zyxel nwa1123acv3_firmwareRange≤6.30(abvt.2)

AND

zyxel nwa1123acv3Match-

Node

zyxel nwa1302-ac_firmwareRange≤6.25(abku.6)

AND

zyxel nwa1302-acMatch-

Node

zyxel nwa5123-ac-hd_firmwareRange≤6.25(abim.6)

AND

zyxel nwa5123-ac-hdMatch-

Node

zyxel wac500h_firmwareRange≤6.30(abwa.2)

AND

zyxel wac500hMatch-

Node

zyxel wac500_firmwareRange≤6.30(abvs.2)

AND

zyxel wac500Match-

Node

zyxel wac5302d-s_firmwareRange≤6.10(abfh.10)

AND

zyxel wac5302d-sMatch-

Node

zyxel wac5302d-sv2_firmwareRange≤6.25(abvz.6)

AND

zyxel wac5302d-sv2Match-

Node

zyxel wac6103d-i_firmwareRange≤6.25(aaxh.7)

AND

zyxel wac6103d-iMatch-

Node

zyxel wac6303d-s_firmwareRange≤6.25(abgl.6)

AND

zyxel wac6303d-sMatch-

Node

zyxel wac6502d-e_firmwareRange≤6.25(aasd.7)

AND

zyxel wac6502d-eMatch-

Node

zyxel wac6502d-s_firmwareRange≤6.25(aase.7)

AND

zyxel wac6502d-sMatch-

Node

zyxel wac6503d-s_firmwareRange≤6.25(aasf.7)

AND

zyxel wac6503d-sMatch-

Node

zyxel wac6553d-s_firmwareRange≤6.25(aasg.7)

AND

zyxel wac6553d-sMatch-

Node

zyxel wac6552d-s_firmwareRange≤6.25(abio.7)

AND

zyxel wac6552d-sMatch-

Node

zyxel wax510d_firmwareRange≤6.30(abtf.2)

AND

zyxel wax510dMatch-

Node

zyxel wax610d_firmwareRange≤6.30(abte.2)

AND

zyxel wax610dMatch-

Node

zyxel wax630s_firmwareRange≤6.30(abzd.2)

AND

zyxel wax630sMatch-

Node

zyxel wax650s_firmwareRange≤6.30(abrm.2)

AND

zyxel wax650sMatch-

[
  {
    "vendor": "Zyxel",
    "product": "USG/ZyWALL series firmware",
    "versions": [
      {
        "version": "4.09 through 4.71",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "USG FLEX series firmware",
    "versions": [
      {
        "version": "4.50 through 5.21",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "ATP series firmware",
    "versions": [
      {
        "version": "4.32 through 5.21",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "VPN series firmware",
    "versions": [
      {
        "version": "4.30 through 5.21",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "NSG series firmware",
    "versions": [
      {
        "version": "1.00 through 1.33 Patch 4",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "NXC2500 firmware",
    "versions": [
      {
        "version": "<= 6.10(AAIG.3)",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "NAP203 firmware",
    "versions": [
      {
        "version": "<= 6.25(ABFA.7)",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "NWA50AX firmware",
    "versions": [
      {
        "version": "<= 6.25(ABYW.5)",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "WAC500 firmware",
    "versions": [
      {
        "version": "<= 6.30(ABVS.2)",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "WAX510D firmware",
    "versions": [
      {
        "version": "<= 6.30(ABTF.2)",
        "status": "affected"
      }
    ]
  }
]

Source	Link
zyxel	www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
seclists	www.seclists.org/fulldisclosure/2022/Jun/15
packetstormsecurity	www.packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html
packetstormsecurity	www.packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html

21 Nov 2024 06:54Current

7.8High risk

Vulners AI Score7.8

CVSS 24.6

CVSS 3.16.1 - 7.8

EPSS0.00989

CWE-20