CVE-2022-30525

Basic Information

CVE State
PUBLISHED
Reserved Date
May 10, 2022
Published Date
May 12, 2022
Last Updated
January 29, 2025
Vendor
Zyxel
Product
USG FLEX 100(W) firmware, USG FLEX 200 firmware, USG FLEX 500 firmware, USG FLEX 700 firmware, ATP series firmware, VPN series firmware, USG FLEX 50(W) firmware, USG 20(W)-VPN firmware
Description
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2022-05-16 00:00:00 UTC)
Proof of Concept Available
Yes (added 2022-05-16 09:15:43 UTC)

Known Exploited Vulnerability Information

Source
CISA
Added Date
2022-05-16 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

zyxel_ztp_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2022-30525

cbk914/CVE-2022-30525_check

Type: github • Created: 2023-01-15 20:02:24 UTC • Stars: 2

west9b/CVE-2022-30525

Type: github • Created: 2022-05-28 07:19:31 UTC • Stars: 12

CVE-2022-30525 Zyxel firewall command injection vulnerability POC&EXPC

Chocapikk/CVE-2022-30525-Reverse-Shell

Type: github • Created: 2022-05-18 15:22:17 UTC • Stars: 2

Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

superzerosec/CVE-2022-30525

Type: github • Created: 2022-05-16 09:15:43 UTC • Stars: 1

CVE-2022-30525 POC exploit

k0sf/CVE-2022-30525

Type: github • Created: 2022-05-16 04:45:43 UTC • Stars: 3

Proof-of-concept exploit for CVE-2022-30525 (Zyxel firewall command injection)

savior-only/CVE-2022-30525

Type: github • Created: 2022-05-13 18:16:31 UTC • Stars: 4

Zyxel firewall unauthenticated remote command injection

shuai06/CVE-2022-30525

Type: github • Created: 2022-05-13 12:58:43 UTC • Stars: 33

Batch detection script for the Zyxel firewall remote command injection vulnerability (CVE-2022-30525)

Henry4E36/CVE-2022-30525

Type: github • Created: 2022-05-13 12:03:28 UTC • Stars: 22

Zyxel firewall remote command injection vulnerability (CVE-2022-30525)