CVE-2022-26531

Name of the Vulnerable Software and Affected Versions Zyxel USG/ZyWALL series versions 4.09 through 4.71 Zyxel USG FLEX series versions 4.50 through 5.21 Zyxel ATP series versions 4.32 through 5.21 Zyxel VPN series versions 4.30 through 5.21 Zyxel NSG series versions 1.00 through 1.33 Patch 4 Zyxel NXC2500 version 6.10(AAIG.3) and earlier versions Zyxel NAP203 version 6.25(ABFA.7) and earlier versions Zyxel NWA50AX version 6.25(ABYW.5) and earlier versions Zyxel WAC500 version 6.30(ABVS.2) and earlier versions Zyxel WAX510D version 6.30(ABTF.2) and earlier versions

Description The issue is related to multiple improper input validation flaws in some CLI commands of Zyxel network device firmware, which could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. This is due to insufficient input validation, allowing an attacker to exploit the vulnerability and potentially cause a denial of service.

Recommendations For Zyxel USG/ZyWALL series versions 4.09 through 4.71, update to a version outside of this range to mitigate the risk. For Zyxel USG FLEX series versions 4.50 through 5.21, update to a version outside of this range to mitigate the risk. For Zyxel ATP series versions 4.32 through 5.21, update to a version outside of this range to mitigate the risk. For Zyxel VPN series versions 4.30 through 5.21, update to a version outside of this range to mitigate the risk. For Zyxel NSG series versions 1.00 through 1.33 Patch 4, update to a version outside of this range to mitigate the risk. For Zyxel NXC2500 version 6.10(AAIG.3) and earlier versions, update to a version later than 6.10(AAIG.3) to mitigate the risk. For Zyxel NAP203 version 6.25(ABFA.7) and earlier versions, update to a version later than 6.25(ABFA.7) to mitigate the risk. For Zyxel NWA50AX version 6.25(ABYW.5) and earlier versions, update to a version later than 6.25(ABYW.5) to mitigate the risk. For Zyxel WAC500 version 6.30(ABVS.2) and earlier versions, update to a version later than 6.30(ABVS.2) to mitigate the risk. For Zyxel WAX510D version 6.30(ABTF.2) and earlier versions, update to a version later than 6.30(ABTF.2) to mitigate the risk.