CVE-2022-30525

Description from NVD

An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Information Acquisition Date: 2022-05-31T16:40Z
CVSS 2.0: 10.0 HIGH
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

NVD References

 https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml
     source: CONFIRM
     tags: Vendor Advisory
 http://packetstormsecurity.com/files/167182/Zyxel-Firewall-ZTP-Unauthenticated-Command-Injection.html
     source: MISC
     tags: Exploit, Third Party Advisory, VDB Entry
 http://packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html
     source: MISC
     tags: Third Party Advisory, VDB Entry


List of frequently cited URLs

URL  Num of Times Referred to
https://cvetrends.com  56
http://cyberiqs.com/latestnews  41
https://lists.astaro.com/ASGV9-IPS-rules.html#0  36
https://opsmtrs.com/2ZFbaTl  9
http://t.me/gobies  7
https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-...  5
https://securityaffairs.co/wordpress/131363/hacking/cisa-cv...  5
https://securityonline.info/cve-2022-30525-zyxel-firewall-r...  5
https://ift.tt/N6r9L85  3
https://github.com/jbaines-r7/victorian_machinery  3
https://twitter.com/sheikhrishad0/status/1525759043112800256  3
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/1...  3
https://www.zyxel.com/support/Zyxel-security-advisory-for-O...  3
https://tweetedtimes.com/r45c4l?s=tnp  3
https://www.helpnetsecurity.com/2022/05/13/cve-2022-30525  3
https://ipssignatures.appspot.com/?cve=CVE-2022-30525  3

Information from Twitter

User URL Info Source Date
sicehice https://twitter.com/sicehice/status/1630346212703346691/pho... Source sicehice         1630346212703346691 2023/02/28
fletch_ai https://bit.ly/3l9rC9K Source fletch_ai        1636116330901381121 2023/03/16

GitHub Search Results: Up to 10
Name  URL
No Data

2023/03/16 Score : 0
Added Har-sia Database : 2022/05/12
Last Modified : 2023/03/16
Highest Scored Date : 2022/05/13
Highest Score : 76