Zyxel published a security advisory for multiple vulnerabilities found in firewalls, AP controllers, and APs. The company advised users to install the updates for optimal protection. Zyxel also stated that vulnerabilities were reported by security consultancies. Vulnerabilities are tracked as, CVE-2022-0734, CVE-2022-26531, CVE-2022-26532, and CVE-2022-0910.
Vulnerabilities and affected products
- CVE-2022-0734: A cross-site scripting vulnerability was identified in the CGI program of some firewall versions that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script.
- CVE-2022-26531: Multiple improper input validation flaws were identified in some CLI commands of some firewall, AP controller, and AP versions that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
- CVE-2022-26532: A command injection vulnerability in the “packet-trace” CLI command of some firewall, AP controller, and AP versions could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the command.
- CVE-2022-0910: An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.
| Firewall | Affected version | Patch availability | |||
|---|---|---|---|---|---|
| CVE-2022-0734 | CVE-2022-26531 | CVE-2022-26532 | CVE-2022-0910 | ||
| USG/ZyWALL | ZLD V4.35~V4.70 | ZLD V4.09~V4.71 | ZLD V4.09~V4.71 | ZLD V4.32~V4.71 | ZLD V4.72 |
| USG FLEX | ZLD V4.50~V5.20 | ZLD V4.50~V5.21 | ZLD V4.50~V5.21 | ZLD V4.50~V5.21 | ZLD V5.30 |
| ATP | ZLD V4.35~V5.20 | ZLD V4.32~V5.21 | ZLD V4.32~V5.21 | ZLD V4.32~V5.21 | ZLD V5.30 |
| VPN | ZLD V4.35~V5.20 | ZLD V4.30~V5.21 | ZLD V4.30~V5.21 | ZLD V4.32~V5.21 | ZLD V5.30 |
| NSG | Not affected | V1.00~V1.33 Patch 4 | V1.00~V1.33 Patch 4 | Not affected | V1.33 Patch 5* |
*Available in middle of Jun.
| AP Controller | Affected version | Patch availability |
|---|---|---|
| CVE-2022-26531 and CVE-2022-26532 | ||
| NXC2500 | 6.10(AAIG.3) and earlier | Hotfix by request** |
| NXC5500 | 6.10(AAOS.3) and earlier | Hotfix by request** |
| AP | Affected version | Patch availability |
|---|---|---|
| CVE-2022-26531 and CVE-2022-26532 | ||
| NAP203 | 6.25(ABFA.7) and earlier | 6.25(ABFA.8) |
| NAP303 | 6.25(ABEX.7) and earlier | 6.25(ABEX.8) |
| NAP353 | 6.25(ABEY.7) and earlier | 6.25(ABEY.8) |
| NWA50AX | 6.25(ABYW.5) and earlier | 6.25(ABYW.8) |
| NWA55AXE | 6.25(ABZL.5) and earlier | 6.25(ABZL.8) |
| NWA90AX | 6.27(ACCV.2) and earlier | 6.27(ACCV.3) |
| NWA110AX | 6.30(ABTG.2) and earlier | 6.30(ABTG.3) |
| NWA210AX | 6.30(ABTD.2) and earlier | 6.30(ABTD.3) |
| NWA1123-AC-HD | 6.25(ABIN.6) and earlier | 6.25(ABIN.8) |
| NWA1123-AC-PRO | 6.25(ABHD.7) and earlier | 6.25(ABHD.8) |
| NWA1123ACv3 | 6.30(ABVT.2) and earlier | 6.30(ABVT.3) |
| NWA1302-AC | 6.25(ABKU.6) and earlier | 6.25(ABKU.8) |
| NWA5123-AC-HD | 6.25(ABIM.6) and earlier | 6.25(ABIM.8) |
| WAC500H | 6.30(ABWA.2) and earlier | 6.30(ABWA.3) |
| WAC500 | 6.30(ABVS.2) and earlier | 6.30(ABVS.3) |
| WAC5302D-S | 6.10(ABFH.10) and earlier | Hotfix by request |
| WAC5302D-Sv2 | 6.25(ABVZ.6) and earlier | 6.25(ABVZ.8) |
| WAC6103D-I | 6.25(AAXH.7) and earlier | 6.25(AAXH.8) |
| WAC6303D-S | 6.25(ABGL.6) and earlier | 6.25(ABGL.8) |
| WAC6502D-E | 6.25(AASD.7) and earlier | 6.25(AASD.8) |
| WAC6502D-S | 6.25(AASE.7) and earlier | 6.25(AASE.8) |
| WAC6503D-S | 6.25(AASF.7) and earlier | 6.25(AASF.8) |
| WAC6553D-E | 6.25(AASG.7) and earlier | 6.25(AASG.8) |
| WAC6552D-S | 6.25(ABIO.7) and earlier | 6.25(ABIO.8) |
| WAX510D | 6.30(ABTF.2) and earlier | 6.30(ABTF.3) |
| WAX610D | 6.30(ABTE.2) and earlier | 6.30(ABTE.3) |
| WAX630S | 6.30(ABZD.2) and earlier | 6.30(ABZD.3) |
| WAX650S | 6.30(ABRM.2) and earlier | 6.30(ABRM.3) |