CVE-2022-26413 - OpenCVE

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zyxel	Ax7501-b0 Ax7501-b0 Firmware Dx5401-b0 Dx5401-b0 Firmware Emg3525-t50b Emg3525-t50b Firmware Emg5523-t50b Emg5523-t50b Firmware Emg5723-t50k Emg5723-t50k Firmware Emg6726-b10a Emg6726-b10a Firmware Ep240p Ep240p Firmware Ex3510-b0 Ex3510-b0 Firmware Ex5401-b0 Ex5401-b0 Firmware Ex5501-b0 Ex5501-b0 Firmware Pm7300-t0 Pm7300-t0 Firmware Pmg5317-t20b Pmg5317-t20b Firmware Pmg5617-t20b2 Pmg5617-t20b2 Firmware Pmg5617ga Pmg5617ga Firmware Pmg5622ga Pmg5622ga Firmware Px7501-b0 Px7501-b0 Firmware Vmg1312-t20b Vmg1312-t20b Firmware Vmg3312-t20a Vmg3312-t20a Firmware Vmg3625-t50b Vmg3625-t50b Firmware Vmg3927-b50a Vmg3927-b50a Firmware Vmg3927-b50b Vmg3927-b50b Firmware Vmg3927-b60a Vmg3927-b60a Firmware Vmg3927-t50k Vmg3927-t50k Firmware Vmg4927-b50a Vmg4927-b50a Firmware Vmg8623-t50b Vmg8623-t50b Firmware Vmg8825-b50a Vmg8825-b50a Firmware Vmg8825-b50b Vmg8825-b50b Firmware Vmg8825-b60a Vmg8825-b60a Firmware Vmg8825-b60b Vmg8825-b60b Firmware Vmg8825-t50k Vmg8825-t50k Firmware Xmg3927-b50a Xmg3927-b50a Firmware Xmg8825-b50a Xmg8825-b50a Firmware

Configuration 1 [-]

AND

cpe:2.3:h:zyxel:vmg3312-t20a:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:vmg3312-t20a_firmware:5.30\(abfx.5\)c0:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:zyxel:emg3525-t50b_firmware:::::america:::*
	cpe:2.3:o:zyxel:emg3525-t50b_firmware:::::emea:::*

Configuration 3 [-]

AND

cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:zyxel:emg5523-t50b_firmware:::::america:::*
	cpe:2.3:o:zyxel:emg5523-t50b_firmware:::::emea:::*

Configuration 4 [-]

AND

cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:zyxel:vmg1312-t20b:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:vmg1312-t20b_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:zyxel:vmg3927-b50a:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:vmg3927-b50a_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:zyxel:vmg3927-b60a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3927-b60a:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:zyxel:vmg8825-b50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-b50a:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:zyxel:vmg8825-b50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-b50b:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:zyxel:vmg8825-b60a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-b60a:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:zyxel:vmg8825-b60b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-b60b:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:zyxel:xmg3927-b50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:xmg3927-b50a:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:zyxel:xmg8825-b50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:xmg8825-b50a:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:zyxel:ep240p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:zyxel:pmg5317-t20b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:zyxel:pmg5617ga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:zyxel:pmg5622ga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:zyxel:px7501-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:px7501-b0:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zyxel

Published: 2022-04-11T12:00:19

Updated: 2024-08-03T05:03:32.814Z

Reserved: 2022-03-04T00:00:00

Link: CVE-2022-26413

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-11T13:15:07.763

Modified: 2022-04-15T03:34:49.220

Link: CVE-2022-26413

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object