CVE-2022-30525
In short
A vulnerability in Zyxel firewall and VPN devices allows attackers to run harmful system commands by manipulating certain files. This is critical because it gives attackers complete control over the device.
Technical detail
OS command injection in CGI program affects multiple Zyxel USG and ATP device models (firmware 5.00–5.21 Patch 1, with VPN series from 4.60). Attack vector involves modifying specific files to inject OS commands; requires network access to CGI interface. Impact: arbitrary command execution with device privileges.
Summary generated and translated by AI from the official description.
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Zyxel · ATP series firmware
Zyxel · USG 20(W)-VPN firmware
Zyxel · USG FLEX 100(W) firmware
Zyxel · USG FLEX 200 firmware
Zyxel · USG FLEX 500 firmware
Zyxel · USG FLEX 50(W) firmware
Zyxel · USG FLEX 700 firmware
Zyxel · VPN series firmware
Public PoCs found: 20
github.com/shuai06/CVE-2022-30525 (GitHub, ★ 33)
github.com/jbaines-r7/victorian_machinery (GitHub, ★ 30)
github.com/Henry4E36/CVE-2022-30525 (GitHub, ★ 22)
github.com/west9b/CVE-2022-30525 (GitHub, ★ 12)
github.com/savior-only/CVE-2022-30525 (GitHub, ★ 4)
github.com/Chocapikk/CVE-2022-30525-Reverse-Shell (GitHub, ★ 4)
github.com/k0sf/CVE-2022-30525 (GitHub, ★ 3)
github.com/iveresk/cve-2022-30525 (GitHub, ★ 3)
github.com/cbk914/CVE-2022-30525_check (GitHub, ★ 2)
github.com/superzerosec/CVE-2022-30525 (GitHub, ★ 1)
github.com/ProngedFork/CVE-2022-30525 (GitHub, ★ 1)
github.com/arajsingh-infosec/CVE-2022-30525_Exploit (GitHub, ★ 1)
github.com/furkanzengin/CVE-2022-30525 (GitHub, ★ 1)
github.com/M4fiaB0y/CVE-2022-30525 (GitHub, ★ 1)
github.com/160Team/CVE-2022-30525 (GitHub, ★ 0)
www.exploit-db.com/exploits/50946 (Exploit-DB, unverified)
packetstormsecurity.com/files/167182/Zyxel-Firewall-ZTP-Unauthenticated-Command-Injection.html (CVE reference, unverified)
packetstormsecurity.com/files/167372/Zyxel-USG-FLEX-5.21-Command-Injection.html (CVE reference, unverified)
packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html (CVE reference, unverified)
packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html (CVE reference, unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html
http://packetstormsecurity.com/files/167182/Zyxel-Firewall-ZTP-Unauthenticated-Command-Injection.html
http://packetstormsecurity.com/files/167372/Zyxel-USG-FLEX-5.21-Command-Injection.html
http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-30525
https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml