Zyxel security advisory for local privilege escalation vulnerability of AP Configurator

CVE: CVE-2022-0556

Summary

Zyxel has released a patch addressing a local privilege escalation vulnerability in its AP Configurator. Users are advised to install it for optimal protection.

What is the vulnerability?

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) could allow an attacker to execute arbitrary code in a specific directory on the local system.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve confirmed that only ZAC is affected and released a patch to address the issue, as shown in the table below.

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Acknowledgement

Thanks to Trend Micro's Zero Day Initiative for reporting the issue to us.