mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
845 lines
24 KiB
JSON
845 lines
24 KiB
JSON
{
|
|
"id": "CVE-2022-30526",
|
|
"sourceIdentifier": "security@zyxel.com.tw",
|
|
"published": "2022-07-19T06:15:08.827",
|
|
"lastModified": "2024-11-21T07:02:52.850",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha identificado una vulnerabilidad de escalada de privilegios en el comando CLI del firmware Zyxel USG FLEX 100(W) versiones 4.50 a 5.30, firmware USG FLEX 200 versiones 4.50 a 5.30, firmware USG FLEX 500 versiones 4.50 a 5.30, firmware USG FLEX 700 versiones 4.50 a 5.30, firmware USG FLEX 50(W) versiones 4.16 a 5. 30, firmware USG20(W)-VPN versiones 4.16 a 5.30, firmware de la serie ATP versiones 4.32 a 5.30, firmware de la serie VPN versiones 4.30 a 5.30, firmware de la serie USG/ZyWALL versiones 4.09 a 4.72, lo que podr\u00eda permitir a un atacante local ejecutar algunos comandos del sistema operativo con privilegios de root en algunos directorios de un dispositivo vulnerable."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "security@zyxel.com.tw",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security@zyxel.com.tw",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-269"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-269"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.50",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "168114AC-C949-4CA5-B4B4-BF9FB5890DA2"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.50",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "0EFADF80-716E-4000-93D4-0CB3B277BA25"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.50",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "7FABAFF3-61E8-4C97-BEFE-1D68788167FB"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.50",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "21C293BE-791E-4D1C-8E72-9E0464444274"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.16",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "5094FAF7-6D9A-44EF-B779-86468D82B03C"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.16",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "0EF21C51-050F-4B01-9618-60919AEFEC6A"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.32",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "50A72101-97B4-4770-A6F7-D25B3A0AE45E"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.32",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "650D7D9B-65A7-4949-9F6C-9A3B7BDD17F5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.32",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "1C376DD7-8378-42BE-92F1-872500E882D4"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.32",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "F9DC83BF-6F99-4345-BE51-4FB93F38FD21"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.32",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "4E464C22-5D8C-4D85-9F65-8485972C3524"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.32",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "F5A44B6A-B1BC-481F-9D08-61E50F58EB1A"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.30",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "DBBB154D-46EB-4D97-B5F4-01ADA359C5AC"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.30",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "4D0BC145-7EF2-4B13-BE26-A567EEF06613"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.30",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "75627990-29D4-40F3-8E66-975F1898B6D5"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.30",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "0F357DD8-0C9E-418E-98B4-0F1292AA7176"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.30",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "352F3388-9107-4B41-AAD8-D11965D78240"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.30",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "BC1F7BCE-342F-4847-BB89-2B47384A54C9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg_2200-vpn:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "32F7F370-C585-45FE-A7F7-40BFF13928CF"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.30",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "F6FBACC4-A37C-4023-A656-F3428A74D542"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.30",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "B1C3F76A-6963-4B2F-AAF4-9E3BBB0627D6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.30",
|
|
"versionEndIncluding": "5.30",
|
|
"matchCriteriaId": "61ED5800-D09B-4953-AB0F-65AE3EF33C57"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.09",
|
|
"versionEndIncluding": "4.72",
|
|
"matchCriteriaId": "20E65AC2-F493-4E10-924B-3F5D5FE2B6FF"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.09",
|
|
"versionEndIncluding": "4.72",
|
|
"matchCriteriaId": "611A3CB1-D0ED-4B4E-A28E-D69ED31035DF"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.09",
|
|
"versionEndIncluding": "4.72",
|
|
"matchCriteriaId": "D546A4A3-130F-439C-9C28-8D18870F0A58"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.09",
|
|
"versionEndIncluding": "4.72",
|
|
"matchCriteriaId": "CED1826F-286E-4795-87C4-6FFD997BDB46"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html",
|
|
"source": "security@zyxel.com.tw",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml",
|
|
"source": "security@zyxel.com.tw",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |