EUVD-2022-31088

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Multiple input validation flaws in Zyxel firmware allow authenticated attack leading to buffer overflow.

Reporter	Title	Published	Views	Family All 17
0day.today	Zyxel zysh - Format string Exploit	11 Feb 202400:00	–	zdt
ATTACKERKB	CVE-2022-26531	24 May 202206:15	–	attackerkb
BDU FSTEC	The vulnerability of the command-line interface (CLI) of Zyxel network device software allows a hacker to trigger a service failure.	22 Aug 202200:00	–	bdu_fstec
Circl	CVE-2022-26531	24 May 202212:41	–	circl
CNNVD	Zyxel USG/ZyWALL 输入验证错误漏洞	24 May 202200:00	–	cnnvd
CVE	CVE-2022-26531	24 May 202200:00	–	cve
Cvelist	CVE-2022-26531	24 May 202200:00	–	cvelist
Exploit DB	Zyxel zysh - Format string	9 Feb 202400:00	–	exploitdb
NCSC	Vulnerabilities fixed in Zyxel products	25 May 202200:00	–	ncsc
NVD	CVE-2022-26531	24 May 202206:15	–	nvd

[
  {
    "enisaIdVendor": [
      {
        "id": "b926b039-d820-3414-85b3-993abdd5dc1f",
        "vendor": {
          "name": "Zyxel"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2a566388-82f7-3f23-91b8-141a3bd929b6",
        "product": {
          "name": "NXC2500 firmware"
        },
        "product_version": "≤ 6.10(AAIG.3)"
      },
      {
        "id": "404e5270-1c5f-3f14-babc-c287bb135179",
        "product": {
          "name": "VPN series Firmware"
        },
        "product_version": "4.30 through 5.21"
      },
      {
        "id": "49c1d8be-b423-352e-8e5d-e7f9fe3ee8c0",
        "product": {
          "name": "USG FLEX series firmware"
        },
        "product_version": "4.50 through 5.21"
      },
      {
        "id": "55a129f0-107b-38f8-8c82-c7fbdc36cebe",
        "product": {
          "name": "ATP series firmware"
        },
        "product_version": "4.32 through 5.21"
      },
      {
        "id": "5eb6abf6-9c70-3587-9875-2e480d56e3ff",
        "product": {
          "name": "NWA50AX firmware"
        },
        "product_version": "≤ 6.25(ABYW.5)"
      },
      {
        "id": "60302f7d-c17f-3fe8-b7a0-6d59d40fe808",
        "product": {
          "name": "WAC500 firmware"
        },
        "product_version": "≤ 6.30(ABVS.2)"
      },
      {
        "id": "731e4f0f-6b04-3bd4-ac12-218312cabf53",
        "product": {
          "name": "USG/Zywall series Firmware"
        },
        "product_version": "4.09 through 4.71"
      },
      {
        "id": "7f95b2a6-973b-3c41-bc4d-f6a48db3b34a",
        "product": {
          "name": "WAX510D firmware"
        },
        "product_version": "≤ 6.30(ABTF.2)"
      },
      {
        "id": "98c68632-315a-30f5-bc41-0913674e1e9a",
        "product": {
          "name": "NAP203 firmware"
        },
        "product_version": "≤ 6.25(ABFA.7)"
      },
      {
        "id": "ae67469a-a5b3-3246-8456-49bb7539d7e5",
        "product": {
          "name": "NSG series firmware"
        },
        "product_version": "1.00 through 1.33 Patch 4"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/cve/CVE-2022-26531
zyxel	www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
seclists	www.seclists.org/fulldisclosure/2022/Jun/15
packetstormsecurity	www.packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html
packetstormsecurity	www.packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html

03 Oct 2025 20:07Current

7.7High risk

Vulners AI Score7.7

CVSS 3.16.1 - 7.8

CVSS 24.6

EPSS0.05805