Article: Zyxel Firewall Unauthenticated Remote Command Injection (CVE-2022-30525)

h0w1tzr’s Commentary: ZyXEL has released a patch for this vulnerability. If you have a model that is affected by this CVE, you should patch it now.

Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), which includes the ATP series, VPN series, and the USG FLEX series (including USG20-VPN and USG20W-VPN). The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and remote attacker to achieve arbitrary code execution as the nobody user on the affected device.

The following table contains the affected models and firmware versions.

Affected Model / Affected Firmware Version
USG FLEX 100, 100W, 200, 500, 700 / ZLD5.00 thru ZLD5.21 Patch 1
USG20-VPN, USG20W-VPN / ZLD5.10 thru ZLD5.21 Patch 1
ATP 100, 200, 500, 700, 800 / ZLD5.10 thru ZLD5.21 Patch 1

