CVE-2022-30525

KEV

Published: Mag 12, 2022 Last Modified: Ott 27, 2025

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

HIGH 10,0

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: none

Confidentiality: complete

Integrity: complete

Availability: complete

Description

AI Translation Available

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,9445

Percentile

1,0th

Updated

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Non-Repudiation

Potential Impacts:

Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories Modify Files Or Directories Read Application Data Modify Application Data Hide Activities

Applicable Platforms

Technologies: AI/ML, Not Technology-Specific, Web Server

Likelihood of Exploit: High

View CWE Details

Exploit

Zyxel USG FLEX 5.21 - OS Command Injection

Author: Valentin Lobstein Published:

View Exploit Code →

Operating System

Usg Flex 700 Firmware by Zyxel

Product Information

Vendor Zyxel

Product Usg Flex 700 Firmware

Version Range Affected

From 5.00 (inclusive)

To 5.30 (exclusive)

CPE Identifier

CVE-2022-30525

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Consequences

Applicable Platforms

Zyxel USG FLEX 5.21 - OS Command Injection

Usg Flex 700 Firmware by Zyxel

Product Information

Vpn50 Firmware by Zyxel

Product Information

Atp500 Firmware by Zyxel

Product Information

Usg Flex 500 Firmware by Zyxel

Product Information

Vpn300 Firmware by Zyxel

Product Information

Atp100W Firmware by Zyxel

Product Information

Vpn100 Firmware by Zyxel

Product Information

Atp100 Firmware by Zyxel

Product Information

Usg Flex 200 Firmware by Zyxel

Product Information

Atp800 Firmware by Zyxel

Product Information

Usg Flex 100W Firmware by Zyxel

Product Information

Usg20W-Vpn Firmware by Zyxel

Product Information

Atp200 Firmware by Zyxel

Product Information

Atp700 Firmware by Zyxel

Product Information

Usg Flex 50W Firmware by Zyxel

Product Information

Vpn1000 Firmware by Zyxel

Product Information

Iscriviti alla newsletter