CVE: CVE-2022-0556
Summary
Zyxel has released a patch addressing a local privilege escalation vulnerability in its AP Configurator. Users are advised to install it for optimal protection.
What is the vulnerability?
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) could allow an attacker to execute arbitrary code in a specific directory on the local system.
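As an added example (not Zyxel's code, and not taken from this advisory), the following PowerShell audit lists directories under an install location where broad, non-administrative groups hold write-type rights, which is the weakness class described above. It assumes ZAC is installed on Windows; the install path is a placeholder, and `Find-WeakAcl` is a hypothetical helper name.

```powershell
# Added example, not Zyxel code. ASSUMPTIONS: ZAC is installed on Windows and
# the path below is a placeholder; replace it with the real install directory.
$InstallDir = 'C:\PLACEHOLDER\ZAC-install-directory'

# Well-known SIDs of broad, low-privilege groups (locale-independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that let a principal plant or replace files, or rewrite the ACL.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic bits that the enum does not name.
$GenericWrite = 0x40000000
$GenericAll   = 0x10000000
$WriteMask    = [int]$WriteRights -bor $GenericWrite -bor $GenericAll

function Find-WeakAcl {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }
    # Check the root directory and every subdirectory beneath it.
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        $acl   = Get-Acl -LiteralPath $dir.FullName
        # Ask for SIDs rather than names so matching works on any OS language.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (-not $BroadSids.ContainsKey($sid)) { continue }
            if (([int]$rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
            [pscustomobject]@{
                Directory = $dir.FullName
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Find-WeakAcl -Path $InstallDir | Format-Table -AutoSize
```

An empty result means none of the listed groups holds write-type rights on the scanned directories; any row returned is a directory whose ACL should be reviewed after the patch is installed.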
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve confirmed that only ZAC is affected and have released a patch to address the issue, as shown in the table below.
| Affected model | Patch availability |
| --- | --- |
| ZAC | |
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Acknowledgement
Thanks to Trend Micro's Zero Day Initiative for reporting the issue to us.