CVE-2022-0342

Name of the Vulnerable Software and Affected Versions Zyxel USG/ZyWALL series versions 4.20 through 4.70 Zyxel USG FLEX series versions 4.50 through 5.20 Zyxel ATP series versions 4.32 through 5.20 Zyxel VPN series versions 4.30 through 5.20 Zyxel NSG series versions V1.20 through V1.33 Patch 4

Description The issue is related to an authentication bypass vulnerability in the CGI program of the affected Zyxel devices, which could allow an attacker to bypass web authentication and obtain administrative access to the device. This vulnerability is associated with deficiencies in the authentication procedure. Exploitation of the vulnerability may allow a remote attacker to bypass the authentication process and elevate their privileges.

Recommendations For Zyxel USG/ZyWALL series versions 4.20 through 4.70, update to a version outside of this range to resolve the issue. For Zyxel USG FLEX series versions 4.50 through 5.20, update to a version outside of this range to resolve the issue. For Zyxel ATP series versions 4.32 through 5.20, update to a version outside of this range to resolve the issue. For Zyxel VPN series versions 4.30 through 5.20, update to a version outside of this range to resolve the issue. For Zyxel NSG series versions V1.20 through V1.33 Patch 4, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the CGI program until a patch is available.