Zyxel security advisory for local privilege escalation and authenticated directory traversal vulnerabilities of firewalls CVE-2022-30526, CVE-2022-2030

Zyxel security advisory for local privilege escalation and authenticated directory traversal vulnerabilities of firewalls

CVE: CVE-2022-30526, CVE-2022-2030

Summary

Zyxel has released patches for products affected by local privilege escalation and authenticated directory traversal vulnerabilities. Users are advised to install them for optimal protection.

What are the vulnerabilities?

CVE-2022-30526

A privilege escalation vulnerability was identified in the CLI command of some firewall versions that could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.

CVE-2022-2030

An authenticated directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of some firewall versions.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable products for CVE-2022-30526 and CVE-2022-2030 that are within their vulnerability support period, with their firmware patches shown in the table below.

 

Affected model

Affected version

Patch availability

CVE-2022-30526

CVE-2022-0230

USG FLEX 100(W), 200, 500, 700

ZLD V4.50~V5.30

ZLD V4.50~V5.30

ZLD V5.31

USG FLEX 50(W) / USG20(W)-VPN

ZLD V4.16~V5.30

ZLD V4.16~V5.30

ZLD V5.31

ATP series

ZLD V4.32~V5.30

ZLD V4.32~V5.30

ZLD V5.31

VPN series

ZLD V4.30~V5.30

ZLD V4.30~V5.30

ZLD V5.31

USG/ZyWALL

ZLD V4.09~V4.72

ZLD V4.11~V4.72

ZLD V4.72 WK28

 

Got a question?

Please open a Support case, and we will assist you. Open Now!

 

Acknowledgment

Thanks to the following security consultancies for reporting the issues to us:

  • Rapid7 for CVE-2022-30526
  • Maurizio Agazzini (HN Security) in collaboration with SSD Secure Disclosure for CVE-2022-2030

Revision history

2022-07-19: Initial release

Articles in this section

Was this article helpful?
0 out of 1 found this helpful
Share