ZyXEL Firewall - Unauthenticated Remote Command Injection (CVE-2022-30525)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
ZyXEL Firewall is affected by an OS Command Injection vulnerability, located in the /ztp/cgi-bin/handler endpoint. The root cause of this vulnerability is the ability to pass unsanitized input to the os.system method in lib_wan_settings.py. A remote unauthenticated attacker could use the Common Gateway Interface (CGI) to send commands to the server via HTTP POST requests.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the firewall device in order to steal confidential information, install ransomware, or pivot to the internal network.
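The following Python snippet is an added illustration of the bug class the description names (a request field interpolated into an os.system command string) placed beside the hardened form a reviewer would ask for. It is constructed for this page and is not ZyXEL's code: the handler, the parameter name interface_mtu, the wan0 device and the ip command are hypothetical placeholders. It shows the unsafe string the vulnerable pattern would produce (returned, never executed), a detection check for shell metacharacters in the composed line, and the fixed path with strict input validation and an argument vector passed with shell=False.

```python
"""
Constructed illustration of OS command injection via a CGI-style handler.
NOT ZyXEL's code: PARAM, the device name and the command are placeholders.
"""
import re
import subprocess
from typing import Dict, List

# Hypothetical request field; the advisory does not name the real one.
PARAM = "interface_mtu"


def build_shell_command_unsafe(params: Dict[str, str]) -> str:
    """The vulnerable pattern: the raw field value is spliced into a single
    string that would be handed to os.system(), so shell metacharacters in
    the value become part of the command line. Returned, never executed."""
    value = params.get(PARAM, "")
    return "ip link set dev wan0 mtu %s" % value


def is_injected(command: str) -> bool:
    """Detection aid: does the composed command line contain shell control
    characters that a well-formed numeric MTU could never produce?"""
    return re.search(r"[;&|`$()<>\n]", command) is not None


_MTU_RE = re.compile(r"^[0-9]{2,5}$")


def validate_mtu(value: str) -> int:
    """Hardened input handling: allow-list the value's shape and range
    before it gets anywhere near a process call."""
    if not _MTU_RE.fullmatch(value):
        raise ValueError("MTU must be 2-5 decimal digits, got %r" % value)
    mtu = int(value)
    if not 68 <= mtu <= 65535:
        raise ValueError("MTU out of range: %d" % mtu)
    return mtu


def build_argv_safe(params: Dict[str, str]) -> List[str]:
    """Hardened command construction: an argument vector run with
    shell=False, so the value is one argv element and no shell parses it."""
    mtu = validate_mtu(params.get(PARAM, ""))
    return ["ip", "link", "set", "dev", "wan0", "mtu", str(mtu)]


def apply_mtu(params: Dict[str, str], dry_run: bool = True) -> List[str]:
    """Apply the setting through subprocess with an argv list; dry_run keeps
    the example side-effect free when run on a workstation."""
    argv = build_argv_safe(params)
    if not dry_run:
        subprocess.run(argv, shell=False, check=True)
    return argv


if __name__ == "__main__":
    benign = {PARAM: "1500"}
    hostile = {PARAM: "1500; echo injected"}   # constructed sample value
    for body in (benign, hostile):
        line = build_shell_command_unsafe(body)
        print("unsafe string:", repr(line), "-> injected:", is_injected(line))
        try:
            print("safe argv:", apply_mtu(body))
        except ValueError as exc:
            print("rejected:", exc)
```

The allow-list plus argv-list combination is what removes the bug class: even if validation is later loosened, a value passed as a single argv element with shell=False is never interpreted by a shell, and the metacharacter check on the composed string is a cheap signal to log when a request field arrives in a shape the parameter could never legitimately take.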
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade the firmware on the ZyXEL product to the latest version as instructed in the advisory.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- May 2022
- Published at
- Updated at
- Software Type
- Firewall
- Vendor
- ZyXEL Networks
- Product
- ZyXEL Firewall