Main
Vulnerability Database
Exploits
ID:8312 - Exploit for Permissions, Privileges, and Access Controls in ZyXEL Communications Corp. products - CVE-2022-30526
ID:8312 - Exploit for Permissions, Privileges, and Access Controls in ZyXEL Communications Corp. products - CVE-2022-30526
Published: August 31, 2022
Vulnerability identifier: #VU65410
Vulnerability risk: Low
CVE-ID: CVE-2022-30526
CWE-ID: CWE-264
Exploitation vector: Local access
Vulnerable software:
USG FLEX 200
USG FLEX 100W
USG FLEX 500
USG FLEX 700
USG FLEX 50W
USG20W-VPN
ATP series
VPN series
USG series
ZyWALL
USG FLEX 200
USG FLEX 100W
USG FLEX 500
USG FLEX 700
USG FLEX 50W
USG20W-VPN
ATP series
VPN series
USG series
ZyWALL
Link to public exploit:
Vulnerability description
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the CLI command. A local attacker can execute arbitrary OS commands with root privileges.
Remediation
Install updates from vendor's website.