CVE-2022-30526

Name of the Vulnerable Software and Affected Versions Zyxel USG FLEX 100(W) versions 4.50 through 5.30 Zyxel USG FLEX 200 versions 4.50 through 5.30 Zyxel USG FLEX 500 versions 4.50 through 5.30 Zyxel USG FLEX 700 versions 4.50 through 5.30 Zyxel USG FLEX 50(W) versions 4.16 through 5.30 Zyxel USG20(W)-VPN versions 4.16 through 5.30 Zyxel ATP series versions 4.32 through 5.30 Zyxel VPN series versions 4.30 through 5.30 Zyxel USG/ZyWALL series versions 4.09 through 4.72

Description A privilege escalation issue in the command-line interface (CLI) of Zyxel USG FLEX, ATP, and VPN firewalls allows an attacker to overwrite files with arbitrary content, potentially enabling the execution of arbitrary commands with root privileges. This could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.

Recommendations For Zyxel USG FLEX 100(W) versions 4.50 through 5.30, update to a version outside of this range to mitigate the risk. For Zyxel USG FLEX 200 versions 4.50 through 5.30, update to a version outside of this range to mitigate the risk. For Zyxel USG FLEX 500 versions 4.50 through 5.30, update to a version outside of this range to mitigate the risk. For Zyxel USG FLEX 700 versions 4.50 through 5.30, update to a version outside of this range to mitigate the risk. For Zyxel USG FLEX 50(W) versions 4.16 through 5.30, update to a version outside of this range to mitigate the risk. For Zyxel USG20(W)-VPN versions 4.16 through 5.30, update to a version outside of this range to mitigate the risk. For Zyxel ATP series versions 4.32 through 5.30, update to a version outside of this range to mitigate the risk. For Zyxel VPN series versions 4.30 through 5.30, update to a version outside of this range to mitigate the risk. For Zyxel USG/ZyWALL series versions 4.09 through 4.72, update to a version outside of this range to mitigate the risk.