CVE-2022-30526

🗓️ 19 Jul 2022 05:45:14Reported by ZyxelType

cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 111 Views

CVE-2022-30526 Privilege escalation vulnerability in Zyxel USG FLEX & other series. Execute OS commands with root privileges

Reporter	Title	Published	Views	Family All 18
0day.today	Zyxel Firewall SUID Binary Privilege Escalation Exploit	2 Sep 202200:00	–	zdt
ATTACKERKB	CVE-2022-30526	19 Jul 202206:15	–	attackerkb
BDU FSTEC	The vulnerability of the command-line interface (CLI) of Zyxell USG FLEX, ATP, and VPN network interfaces allows a hacker to execute arbitrary commands with root privileges.	21 Jul 202200:00	–	bdu_fstec
Circl	CVE-2022-30526	19 Jul 202212:40	–	circl
CNNVD	Zyxel USG FLEX 安全漏洞	19 Jul 202200:00	–	cnnvd
Cvelist	CVE-2022-30526	19 Jul 202205:45	–	cvelist
EUVD	EUVD-2022-52386	3 Oct 202520:07	–	euvd
Metasploit	Zyxel Firewall SUID Binary Privilege Escalation	31 Aug 202219:51	–	metasploit
NCSC	Vulnerabilities fixed in Zyxel products	20 Jul 202200:00	–	ncsc
NVD	CVE-2022-30526	19 Jul 202206:15	–	nvd

NVD

Node

zyxel usg_flex_100w_firmwareRange4.50–5.30

AND

zyxel usg_flex_100wMatch-

Node

zyxel usg_flex_200_firmwareRange4.50–5.30

AND

zyxel usg_flex_200Match-

Node

zyxel usg_flex_500_firmwareRange4.50–5.30

AND

zyxel usg_flex_500Match-

Node

zyxel usg_flex_700_firmwareRange4.50–5.30

AND

zyxel usg_flex_700Match-

Node

zyxel usg_flex_50w_firmwareRange4.16–5.30

AND

zyxel usg_flex_50wMatch-

Node

zyxel usg20w-vpn_firmwareRange4.16–5.30

AND

zyxel usg20w-vpnMatch-

Node

zyxel atp800_firmwareRange4.32–5.30

AND

zyxel atp800Match-

Node

zyxel atp700_firmwareRange4.32–5.30

AND

zyxel atp700Match-

Node

zyxel atp500_firmwareRange4.32–5.30

AND

zyxel atp500Match-

Node

zyxel atp200_firmwareRange4.32–5.30

AND

zyxel atp200Match-

Node

zyxel atp100w_firmwareRange4.32–5.30

AND

zyxel atp100wMatch-

Node

zyxel atp100_firmwareRange4.32–5.30

AND

zyxel atp100Match-

Node

zyxel vpn1000_firmwareRange4.30–5.30

AND

zyxel vpn1000Match-

Node

zyxel vpn300_firmwareRange4.30–5.30

AND

zyxel vpn300Match-

Node

zyxel vpn100_firmwareRange4.30–5.30

AND

zyxel vpn100Match-

Node

zyxel vpn50_firmwareRange4.30–5.30

AND

zyxel vpn50Match-

Node

zyxel usg20-vpn_firmwareRange4.30–5.30

AND

zyxel usg20-vpnMatch-

Node

zyxel usg_2200-vpn_firmwareRange4.30–5.30

AND

zyxel usg_2200-vpnMatch-

Node

zyxel zywall_110_firmwareRange4.30–5.30

AND

zyxel zywall_110Match-

Node

zyxel zywall_310_firmwareRange4.30–5.30

AND

zyxel zywall_310Match-

Node

zyxel zywall_1100_firmwareRange4.30–5.30

AND

zyxel zywall_1100Match-

Node

zyxel usg40_firmwareRange4.09–4.72

AND

zyxel usg40Match-

Node

zyxel usg40w_firmwareRange4.09–4.72

AND

zyxel usg40wMatch-

Node

zyxel usg60_firmwareRange4.09–4.72

AND

zyxel usg60Match-

Node

zyxel usg60w_firmwareRange4.09–4.72

AND

zyxel usg60wMatch-

[
  {
    "product": "USG FLEX 100(W) firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.30"
      }
    ]
  },
  {
    "product": "USG FLEX 200 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.30"
      }
    ]
  },
  {
    "product": "USG FLEX 500 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.30"
      }
    ]
  },
  {
    "product": "USG FLEX 700 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.30"
      }
    ]
  },
  {
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.32 through 5.30"
      }
    ]
  },
  {
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.30 through 5.30"
      }
    ]
  },
  {
    "product": "USG FLEX 50(W) firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.30"
      }
    ]
  },
  {
    "product": "USG 20(W)-VPN firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.30"
      }
    ]
  },
  {
    "product": "USG/ZyWALL series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.09 through 4.72"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html
zyxel	www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml

17 Jun 2026 04:43Current

8.8High risk

Vulners AI Score8.8

CVSS 3.17.8

EPSS0.01117

CWE-269