CVE-2022-34747 - OpenCVE

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zyxel	Nas326 Nas326 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Zyxel

Published: 2022-09-06T01:20:10

Updated: 2022-09-06T01:20:10

Reserved: 2022-06-28T00:00:00

Link: CVE-2022-34747

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-06T02:15:07.517

Modified: 2022-09-08T14:50:28.883

Link: CVE-2022-34747

JSON object: View

Redhat Information

No data.

CWE

CWE-134

{"containers": {"cna": {"affected": [{"product": "Zyxel NAS326 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "< V5.21(AAZF.12)C0"}]}], "descriptions": [{"lang": "en", "value": "A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134: Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T01:20:10", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2022-34747", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zyxel NAS326 firmware", "version": {"version_data": [{"version_value": "< V5.21(AAZF.12)C0"}]}}]}, "vendor_name": "Zyxel"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet."}]}, "impact": {"cvss": {"baseScore": "9.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-134: Use of Externally-Controlled Format String"}]}]}, "references": {"reference_data": [{"name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml"}]}}}}, "cveMetadata": {"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2022-34747", "datePublished": "2022-09-06T01:20:10", "dateReserved": "2022-06-28T00:00:00", "dateUpdated": "2022-09-06T01:20:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2859006C-00D3-4CF0-B9EF-4CEDD737CF98", "versionEndExcluding": "5.21\\(aazf.12\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet."}, {"lang": "es", "value": "Una vulnerabilidad de cadena de formato en Zyxel NAS326 versiones de firmware anteriores a V5.21(AAZF.12)C0, podr\u00eda permitir a un atacante lograr una ejecuci\u00f3n remota no autorizada de c\u00f3digo por medio de un paquete UDP dise\u00f1ado.\n"}], "id": "CVE-2022-34747", "lastModified": "2022-09-08T14:50:28.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2022-09-06T02:15:07.517", "references": [{"source": "security@zyxel.com.tw", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-134"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}