{"id": "CVE-2022-0342", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-03-28T13:15:07.747", "references": [{"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml", "tags": ["Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el programa CGI de USG/ZyWALL de Zyxel versiones de firmware de las series 4.20 a 4.70, las versiones de firmware de la serie USG FLEX 4.50 a 5.20, las versiones de firmware de la serie ATP 4.32 a 5.20, las versiones de firmware de la serie VPN 4.30 a 5.20 y las versiones de firmware de la serie NSG V1.20 a V1.33 Parche 4, que podr\u00eda permitir a un atacante omitir la autenticaci\u00f3n web y obtener acceso administrativo al dispositivo"}], "lastModified": "2022-04-04T17:27:58.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "446021BD-AEA3-47E8-BF5D-6C649012E84D", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CCD2777-CC85-4BAA-B16B-19C2DB8DB742"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg40w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B57804DF-D913-4300-8744-81DB99621240", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg40w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0906F3FA-793B-421D-B957-7E9C18C1AEC0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg60_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9ED6C58-3BF5-424F-AFB1-F6955F3488BB", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg60:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26900300-1325-4C8A-BC3B-A10233B2462A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg60w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB78B59-C4C7-4595-9221-DDC0DCE09BB0", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg60w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A5A7555E-BC29-460C-A701-7DCDEAFE67F3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zywall_110_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77FEF751-62FE-4F1B-A84C-30967A605EF5", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:zywall_110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "145E41D9-E376-4B8E-A34F-F2C7ECFD649D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zywall_310_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E46647BB-F930-4648-A25D-C18D71D7A434", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:zywall_310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B40C703E-C7C0-4B49-A336-83853D3E8C31"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zywall_1100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2755DDA-287F-4C79-B663-C5DA9DBC5052", "versionEndExcluding": "4.71", "versionStartIncluding": "4.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:zywall_1100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BCE32A1C-A730-4893-BCB9-F753F8E65440"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "293C6F8B-51F7-44A5-ACAD-10586C9EB610", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4F8A08F-8531-444E-BE70-6C0096BE8CAC", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8553EF99-5F25-4F96-840C-1D5146C9CAF9", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05959C9F-4209-4B0B-81DD-6C98BFC43F7B", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C2F72A1-7D2D-4BC3-8440-937435507F5C", "versionEndIncluding": "5.20", "versionStartIncluding": "4.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "724173AB-0DA0-4EFE-A011-FAEF14A95D2A", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A589B630-B42D-4BD5-BBBD-E71C8B5456B8", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14B0DB32-9453-47D8-8024-E6C8505DB617", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5E79634-60EC-4548-B8BC-61E5560CBE75", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BACE4393-DE77-4CE1-A453-B155A3CF9A7C", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D3DC512-0DE4-42DB-AD0C-240AB1B901B1", "versionEndIncluding": "5.20", "versionStartIncluding": "4.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn50_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62B6CADB-1FB0-4442-A116-055636AB6ECA", "versionEndExcluding": "5.21", "versionStartIncluding": "4.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1265B3B-7C70-46C0-8E0C-1C05C7EF99EE", "versionEndExcluding": "5.21", "versionStartIncluding": "4.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B770A62D-3B2C-4B91-BB8E-4F36D3F20C9C", "versionEndExcluding": "5.21", "versionStartIncluding": "4.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vpn1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C509426-81BE-46AB-B083-DEA0DC762C85", "versionEndExcluding": "5.21", "versionStartIncluding": "4.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nsg300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40E88F87-44B1-4104-A8EB-3BC4A0BA3A45", "versionEndExcluding": "1.33", "versionStartIncluding": "1.20"}, {"criteria": "cpe:2.3:o:zyxel:nsg300_firmware:1.33:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D43F6C03-E7EE-43B9-81B7-2B298134A591"}, {"criteria": "cpe:2.3:o:zyxel:nsg300_firmware:1.33:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97697676-94E6-4A6A-B9FB-07D8DD48BA06"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nsg300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58B0886D-9AF4-453F-96DB-7ABAA5EE3B78"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}