mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-05 18:27:13 +00:00
Zyxel Path Traversal Vulnerability (CVE-2022-2030)
Vulnerability | Zyxel Path Traversal Vulnerability (CVE-2022-2030) |
---|---|
Chinese name | Zyxel 路径遍历漏洞 (CVE-2022-2030) |
CVSS score | 7.5 |
FOFA Query (click to view the results directly) | body="/2FA-access.cgi" && body="zyxel zyxel_style1" |
Number of assets affected | 6860 |
Description | Zyxel USG FLEX is a firewall from China's Zyxel Technology (Zyxel). It offers flexible VPN options (IPsec, SSL or L2TP) to provide flexible and secure remote access for remote work and management. The security vulnerability in Zyxel products stems from a directory traversal flaw in some CGI programs, caused by improper handling of specific character sequences in URLs. Combined with CVE-2022-0342, it could allow an unauthenticated attacker to access some restricted files on a vulnerable device. The following products and versions are affected: Zyxel USG FLEX 100(W) firmware version 4.50 to 5.30, USG FLEX 200 firmware version 4.50 to 5.30, USG FLEX 500 firmware version 4.50 to 5.30, USG FLEX 700 firmware version 4.50 to 5.30, USG FLEX 50(W) firmware version 4.16 to 5.30, USG20(W)-VPN firmware version 4.16 to 5.30, ATP series firmware version 4.32 to 5.30, VPN series firmware version 4.30 to 5.30, USG/ZyWALL series firmware version 4.11 to 4.72. |
Impact | Attackers can take control of the entire system through the unauthorized access vulnerability, ultimately leaving the system in an extremely insecure state. |