{"containers": {"cna": {"affected": [{"product": "USG/ZyWALL series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "4.35 through 4.70"}]}, {"product": "USG FLEX series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "4.50 through 5.20"}]}, {"product": "ATP series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "4.35 through 5.20"}]}, {"product": "VPN series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "4.35 through 5.20"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-24T02:10:12", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2022-0734", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "USG/ZyWALL series firmware", "version": {"version_data": [{"version_value": "4.35 through 4.70"}]}}, {"product_name": "USG FLEX series firmware", "version": {"version_data": [{"version_value": "4.50 through 5.20"}]}}, {"product_name": "ATP series firmware", "version": {"version_data": [{"version_value": "4.35 through 5.20"}]}}, {"product_name": "VPN series firmware", "version": {"version_data": [{"version_value": "4.35 through 5.20"}]}}]}, "vendor_name": "Zyxel"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script."}]}, "impact": {"cvss": {"baseScore": "5.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"}]}}}}, "cveMetadata": {"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2022-0734", "datePublished": "2022-05-24T02:10:12", "dateReserved": "2022-02-23T00:00:00", "dateUpdated": "2022-05-24T02:10:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EB7ECE1-BA79-4F6B-92E6-72EAD8C1A89D", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF538EAF-7694-4953-86AE-4F12F8B88315", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C3D7EC0-7209-4E60-8A2F-A23CF47A4794", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "14C64F26-4FFF-4102-9D06-EFD9E4921580", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6BE3BA8-E117-4C98-9221-502DA903CA27", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25040B80-E884-44F4-902E-A8F2E27C25C6", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CED15A33-FB60-44CD-978C-9D1FBD3CE5E0", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "27A45A78-3301-49BE-A1B1-47DC5596012B", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "913F6F7E-2D5B-4684-83C8-7929C0E385F7", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5788E87A-A69D-4EB8-BBA9-99DEFABFA2A6", "versionEndIncluding": "5.20", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2766165-4833-4744-BE12-D4D92C0337F2", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_110:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7E32879-01A2-49B1-A354-068CEB1CA3A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_1100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CC99D50-3D1A-444F-949A-A7BBF664233F", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_1100:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC4B9AC6-7C55-42BD-A1D8-F5D5A19AC59D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_1900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "641BB3FE-BC96-494C-A6E4-A033365E691E", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_1900:-:*:*:*:*:*:*:*", "matchCriteriaId": "92CE6F04-403B-4A52-A3A5-DD0190CF15D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_20w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1316118-0B3F-4C87-A44E-B9571A381009", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_20w:-:*:*:*:*:*:*:*", "matchCriteriaId": "6CD5A4AB-0CC2-4CAF-AAFA-0F866174842F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C24C8004-00BB-4AC1-978C-9D7FA036729F", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC603F1A-561C-4602-AE82-FF40E876F9A1", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F7F370-C585-45FE-A7F7-40BFF13928CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_310_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F47477FF-6AAC-4517-8271-FE03B5E4E2E9", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_310:-:*:*:*:*:*:*:*", "matchCriteriaId": "38B7995C-80E0-413B-9F2C-387EF3703927", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "555D068D-8855-420A-BD1B-08F4926FF02A", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_40:-:*:*:*:*:*:*:*", "matchCriteriaId": "D84DDB81-DE66-4427-8833-633B45A45A14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_40w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "378B84DA-D2E8-4EA3-B659-88E9F25811EB", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_40w:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F11F36C-60DB-4D81-A320-53EEE43758C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEC9EE6F-F6B1-48C5-8646-CBDBA2A495D5", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "C65DB5E9-2FE3-4807-970E-A42FDF82B50E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_60w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "75048E46-0CB5-4300-A5E4-CBCE5FE67BCF", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_60w:-:*:*:*:*:*:*:*", "matchCriteriaId": "82864EF6-B63D-4947-A18C-AE0156CCA7FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "293C6F8B-51F7-44A5-ACAD-10586C9EB610", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05959C9F-4209-4B0B-81DD-6C98BFC43F7B", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4F8A08F-8531-444E-BE70-6C0096BE8CAC", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8553EF99-5F25-4F96-840C-1D5146C9CAF9", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C2F72A1-7D2D-4BC3-8440-937435507F5C", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5046F464-AA4F-47D9-9050-CF0A5C9E6C9C", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg200:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F7F15F3-9A55-462F-8AE3-EE71B759DE68", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECB8D8BC-4FEE-434C-AB4E-E847051B1919", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg20:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C3A2C-12EA-4FAE-B088-665A90494685", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "63BEED27-C36F-4245-9218-C10DED73A9C2", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg210:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAFF1122-755A-4531-AA2E-FD6E8478F92F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg2200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F504210A-CDA6-4C30-98FC-707870E37E05", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg2200:-:*:*:*:*:*:*:*", "matchCriteriaId": "231547C3-33B8-42B7-983E-AA3C6CA5D107", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA7DB6C7-035B-4421-94A3-87F431BFA324", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg300:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC3082ED-A564-494D-8427-B61F15F6DD88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg310_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E0DD5-DA40-4672-A6DD-A98145DCC86A", "versionEndIncluding": "4.70", "versionStartIncluding": "4.35", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg310:-:*:*:*:*:*:*:*", "matchCriteriaId": "F302801D-3720-4598-8458-A8938BD6CB46", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de tipo cross-site scripting en el programa CGI de Zyxel USG/ZyWALL series versiones de firmware 4.35 hasta 4.70 , USG FLEX series versiones de firmware 4.50 hasta 5.20, ATP series versiones de firmware 4.35 hasta 5.20 y VPN series versiones de firmware 4.35 hasta 5.20, que podr\u00eda permitir a un atacante obtener alguna informaci\u00f3n almacenada en el navegador del usuario, como cookies o tokens de sesi\u00f3n, por medio de un script malicioso"}], "id": "CVE-2022-0734", "lastModified": "2022-06-06T18:16:13.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2022-05-24T03:15:09.093", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}

{}