CVE-2022-30525 (Zyxel Firewall Remote Command Injection)
A python based exploit for CVE-2022-30525
Vulnerability Summary (NIST)
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 up to and including 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 up to and including 5.21 Patch 1, ATP series firmware versions 5.10 up to and including 5.21 Patch 1, VPN series firmware versions 4.60 up to and including 5.21 Patch 1, which could allow an malicious user to modify specific files and then execute some OS commands on a vulnerable device.
Severity and Metrics:
| CVSS | Base Score | Impact Score | Exploitability Score |
|---|---|---|---|
| v2 | 10 | 10 | 10 |
| v3 | 9.8 | 5.9 | 3.9 |
Vulnerable Products
| Product |
|---|
| zyxel usg_flex_100w_firmware |
| zyxel usg_flex_200_firmware |
| zyxel usg_flex_500_firmware |
| zyxel usg_flex_700_firmware |
| zyxel vpn100_firmware |
| zyxel vpn1000_firmware |
| zyxel vpn300_firmware |
| zyxel vpn50_firmware |
| zyxel atp100_firmware |
| zyxel atp100w_firmware |
| zyxel atp200_firmware |
| zyxel atp500_firmware |
| zyxel atp700_firmware |
| zyxel atp800_firmware |
| zyxel usg_flex_50w_firmware |
| zyxel usg20w-vpn_firmware |