S4E

CVE-2022-30525 Scanner

Detects 'Command Injection' vulnerability in Zyxel USG FLEX 100(W), USG FLEX 200, USG FLEX 500, USG FLEX 700, USG FLEX 50(W), USG20(W)-VPN, ATP series, VPN series affects v. Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1.

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

1 month 3 days

Scan only one

Domain, IPv4

Toolbox

-

Zyxel USG FLEX 100(W), USG FLEX 200, USG FLEX 500, USG FLEX 700, USG FLEX 50(W), USG20(W)-VPN, ATP series, and VPN series are enterprise-grade security gateway products that offer comprehensive protection for networks of all sizes. These products are widely used in businesses and organizations that require top-notch network security solutions that can protect their digital assets from cyber threats such as malware, ransomware, and phishing attacks.

In recent news, a potentially devastating vulnerability, CVE-2022-30525, has been discovered in the CGI program of all Zyxel security gateway products with firmware versions 5.00 through 5.21 Patch 1. This vulnerability could allow an attacker to execute arbitrary code remotely and gain full control of a vulnerable device. This could put organizations at risk of data theft, network compromise, and other malicious activities.

If this vulnerability is exploited by an attacker, it can lead to serious consequences for organizations that rely on Zyxel security gateway products. Attackers could gain access to sensitive data and use it for fraudulent purposes, compromise network resources, and use them for illegal activities such as spamming, DDoS attacks, and more.

To protect against vulnerabilities in other digital assets and stay informed of potential threats, organizations can take advantage of the pro features of the s4e.io platform. By using this tool, they can gain insight into the potential risks they face and receive guidance on the best ways to protect themselves against them. By staying vigilant and proactive, businesses can protect their networks and keep their data safe from cyber threats.

 

REFERENCES

Get started to protecting your Free Full Security Scan