CVE-2022-0734

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: May 24, 2022 / Updated: 30mo ago

CVSS 6.1 | EPSS 0.06% | Medium

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2022-0734.

May 24, 2022 at 2:17 AM / cve.report

EPSS

EPSS Score was set to: 0.06% (Percentile: 25.3%)

Sep 15, 2023 at 10:21 AM

Affected Systems

Zyxel/usg300_firmware

Patches

www.zyxel.com

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

References

Zyxel security advisory for multiple vulnerabilities of firewalls, AP controllers, and APs
Multiple improper input validation flaws were identified in some CLI commands of some firewall, AP controller, and AP versions that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. A command injection vulnerability in the "packet-trace" CLI command of some firewall, AP controller, and AP versions could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the command.

News

Security update live blog – WeTransfer abused, Linux malware lurking
New Linux malware found targeting endpoints of all types: A brand new malware, targeting Linux devices, was recently discovered. Dubbed Shikitega, by researchers from AT&T Alien Labs that first discovered it, the malware can do all sorts of things, from controlling the webcam on the...

Zyxel Updates NAS Devices to Fix Potential Security Flaw
CVE-2022-26532: Certain firewall, AP controller, and AP versions contain the 'packet-trace' CLI command that contains a command injection vulnerability that might allow a local, authorized attacker to execute arbitrary OS instructions by providing specially crafted inputs to the function. This revelation follows Zyxel's July patching of the CVE-2022-30526 and CVE-2022-2030 vulnerabilities impacting its firewall products, which affect local root access and authenticated directory traverse.

Zyxel addressed a critical RCE flaw in its NAS devices
Networking device maker Zyxel is warning customers today of a new critical remote code execution (RCE) vulnerability impacting three models of its Networked Attached Storage (NAS) products. “A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.”

Zyxel addressed a critical RCE flaw in its NAS devices
“A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.” Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices.

Zyxel addressed a critical RCE flaw in its NAS devices
Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability Impact: None
