CVE-2022-26413 - OpenCVE

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Zyxel	Vmg3927-t50k Vmg3927-b60a Vmg8825-b50a Firmware Vmg3927-t50k Firmware Vmg8825-b60b Firmware Ex3510-b0 Firmware Pm7300-t0 Firmware Ex5501-b0 Ex3510-b0 Xmg8825-b50a Emg5523-t50b Firmware Emg6726-b10a Firmware Vmg3625-t50b Firmware Vmg8825-t50k Vmg3927-b50a Emg3525-t50b Firmware Emg6726-b10a Vmg3312-t20a Emg5523-t50b Vmg3927-b50b Emg5723-t50k Firmware Vmg4927-b50a Vmg8623-t50b Vmg8825-b50b Vmg8825-t50k Firmware Pmg5317-t20b Firmware Emg5723-t50k Vmg8825-b50a Xmg3927-b50a Ep240p Vmg3927-b50a Firmware Vmg8825-b60b Vmg1312-t20b Firmware Pmg5617-t20b2 Firmware Vmg3927-b60a Firmware Ex5401-b0 Firmware Pmg5617ga Dx5401-b0 Firmware Pmg5317-t20b Ax7501-b0 Firmware Px7501-b0 Ax7501-b0 Pmg5622ga Firmware Pm7300-t0 Ep240p Firmware Pmg5622ga Pmg5617-t20b2 Pmg5617ga Firmware Px7501-b0 Firmware Vmg8825-b60a Vmg4927-b50a Firmware Xmg8825-b50a Firmware Vmg8825-b50b Firmware Emg3525-t50b Xmg3927-b50a Firmware Vmg8825-b60a Firmware Vmg1312-t20b Vmg3927-b50b Firmware Ex5401-b0 Dx5401-b0 Vmg3312-t20a Firmware Ex5501-b0 Firmware Vmg3625-t50b Vmg8623-t50b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:vmg3312-t20a_firmware:5.30\(abfx.5\)c0:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3312-t20a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:zyxel:emg3525-t50b_firmware:::::america:::*
	cpe:2.3:o:zyxel:emg3525-t50b_firmware:::::emea:::*

cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:zyxel:emg5523-t50b_firmware:::::america:::*
	cpe:2.3:o:zyxel:emg5523-t50b_firmware:::::emea:::*

cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:zyxel:vmg1312-t20b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg1312-t20b:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:zyxel:vmg3927-b50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3927-b50a:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:zyxel:vmg3927-b60a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3927-b60a:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:zyxel:vmg8825-b50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-b50a:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:zyxel:vmg8825-b50b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-b50b:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:zyxel:vmg8825-b60a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-b60a:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:zyxel:vmg8825-b60b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg8825-b60b:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:zyxel:xmg3927-b50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:xmg3927-b50a:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:zyxel:xmg8825-b50a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:xmg8825-b50a:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:zyxel:ep240p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:zyxel:pmg5317-t20b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:zyxel:pmg5617ga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:zyxel:pmg5622ga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:zyxel:px7501-b0_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:px7501-b0:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Zyxel

Published: 2022-04-11T12:00:19

Updated: 2022-04-11T12:00:19

Reserved: 2022-03-04T00:00:00

Link: CVE-2022-26413

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-11T13:15:07.763

Modified: 2022-04-15T03:34:49.220

Link: CVE-2022-26413

JSON object: View

Redhat Information

No data.

CWE

CWE-78