Lucene search

ZyxelCVELIST:CVE-2022-26413

HistoryApr 11, 2022 - 12:00 p.m.

CVE-2022-26413

2022-04-1112:00:19

CWE-78

Zyxel

www.cve.org

command injection

zyxel vmg3312-t20a

firmware vulnerability

local attacker

os commands

lan interface

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

5.2%

JSON

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

CNA Affected

[
  {
    "product": "VMG3312-T20A firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V5.30(ABFX.5)C0"
      }
    ]
  }
]

References

www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

5.2%

JSON

Related for CVELIST:CVE-2022-26413