A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00626.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Zyxel VMG3312-T20A firmware affected
Version Status Constraints
V5.30(ABFX.5)C0 affected

Configuration 1 [-]

AND
cpe:2.3:o:zyxel:vmg3312-t20a_firmware:5.30\(abfx.5\)c0:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3312-t20a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:america:*:*:*
cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:emea:*:*:*
cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:america:*:*:*
cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:emea:*:*:*
cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:zyxel:vmg1312-t20b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg1312-t20b:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:zyxel:vmg3927-b50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3927-b50a:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:zyxel:vmg3927-b60a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3927-b60a:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:zyxel:vmg8825-b50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8825-b50a:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:zyxel:vmg8825-b50b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8825-b50b:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:zyxel:vmg8825-b60a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8825-b60a:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:zyxel:vmg8825-b60b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:vmg8825-b60b:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:zyxel:xmg3927-b50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:xmg3927-b50a:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:zyxel:xmg8825-b50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:xmg8825-b50a:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:zyxel:ep240p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:zyxel:pmg5317-t20b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:zyxel:pmg5617ga_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:zyxel:pmg5622ga_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:zyxel:px7501-b0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:px7501-b0:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Zyxel Subscribe
Ax7501-b0 Subscribe
Ax7501-b0 Firmware Subscribe
Dx5401-b0 Subscribe
Dx5401-b0 Firmware Subscribe
Emg3525-t50b Subscribe
Emg3525-t50b Firmware Subscribe
Emg5523-t50b Subscribe
Emg5523-t50b Firmware Subscribe
Emg5723-t50k Subscribe
Emg5723-t50k Firmware Subscribe
Emg6726-b10a Subscribe
Emg6726-b10a Firmware Subscribe
Ep240p Subscribe
Ep240p Firmware Subscribe
Ex3510-b0 Subscribe
Ex3510-b0 Firmware Subscribe
Ex5401-b0 Subscribe
Ex5401-b0 Firmware Subscribe
Ex5501-b0 Subscribe
Ex5501-b0 Firmware Subscribe
Pm7300-t0 Subscribe
Pm7300-t0 Firmware Subscribe
Pmg5317-t20b Subscribe
Pmg5317-t20b Firmware Subscribe
Pmg5617-t20b2 Subscribe
Pmg5617-t20b2 Firmware Subscribe
Pmg5617ga Subscribe
Pmg5617ga Firmware Subscribe
Pmg5622ga Subscribe
Pmg5622ga Firmware Subscribe
Px7501-b0 Subscribe
Px7501-b0 Firmware Subscribe
Vmg1312-t20b Subscribe
Vmg1312-t20b Firmware Subscribe
Vmg3312-t20a Subscribe
Vmg3312-t20a Firmware Subscribe
Vmg3625-t50b Subscribe
Vmg3625-t50b Firmware Subscribe
Vmg3927-b50a Subscribe
Vmg3927-b50a Firmware Subscribe
Vmg3927-b50b Subscribe
Vmg3927-b50b Firmware Subscribe
Vmg3927-b60a Subscribe
Vmg3927-b60a Firmware Subscribe
Vmg3927-t50k Subscribe
Vmg3927-t50k Firmware Subscribe
Vmg4927-b50a Subscribe
Vmg4927-b50a Firmware Subscribe
Vmg8623-t50b Subscribe
Vmg8623-t50b Firmware Subscribe
Vmg8825-b50a Subscribe
Vmg8825-b50a Firmware Subscribe
Vmg8825-b50b Subscribe
Vmg8825-b50b Firmware Subscribe
Vmg8825-b60a Subscribe
Vmg8825-b60a Firmware Subscribe
Vmg8825-b60b Subscribe
Vmg8825-b60b Firmware Subscribe
Vmg8825-t50k Subscribe
Vmg8825-t50k Firmware Subscribe
Xmg3927-b50a Subscribe
Xmg3927-b50a Firmware Subscribe
Xmg8825-b50a Subscribe
Xmg8825-b50a Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2022-30972 A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2024-08-03T05:03:32.814Z

Reserved: 2022-03-04T00:00:00

Link: CVE-2022-26413

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-11T13:15:07.763

Modified: 2024-11-21T06:53:54.313

Link: CVE-2022-26413

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses