Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2022-30525
Published
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware...
- Vendor: Zyxel
- Product: USG FLEX 100(W) firmware, USG FLEX 200 firmware, USG FLEX 500 firmware, USG FLEX 700 firmware, ATP series firmware, VPN series firmware, USG FLEX 50(W) firmware, USG 20(W)-VPN firmware
- Published: May 12, 2022
- EPSS: —
Description
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, and VPN series firmware versions 4.60 through 5.21 Patch 1 could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2022-05-16 00:00:00 UTC · Source
SSVC decision points
- Exploitation: active
- Automatable: Yes
- Technical impact: total
References
- https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml
- http://packetstormsecurity.com/files/167176/Zyxel-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/167182/Zyxel-Firewall-ZTP-Unauthenticated-Command-Injection.html
- http://packetstormsecurity.com/files/167372/Zyxel-USG-FLEX-5.21-Command-Injection.html
- http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | May 16, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/zyxel_ztp_rce.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-30525.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-01-15 20:02:24 UTC · 2 stars
github · Created 2022-05-28 07:19:31 UTC · 12 stars
CVE-2022-30525 Zyxel firewall command injection vulnerability POC&EXPC
github · Created 2022-05-18 15:22:17 UTC · 2 stars
Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
github · Created 2022-05-16 04:45:43 UTC · 3 stars
Proof-of-concept exploit for CVE-2022-30525 (Zyxel firewall command injection)
github · Created 2022-05-13 18:16:31 UTC · 4 stars
Zyxel firewall unauthenticated remote command injection
github · Created 2022-05-13 12:58:43 UTC · 33 stars
Batch detection script for the Zyxel firewall remote command injection vulnerability (CVE-2022-30525)
github · Created 2022-05-13 12:03:28 UTC · 22 stars
Zyxel firewall remote command injection vulnerability (CVE-2022-30525)
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Nuclei
- Detected by Metasploit