CVE-2022-34747
Use of Externally-Controlled Format String (CWE-134)
Published: Sep 6, 2022 / Updated: 26mo ago
010
CVSS 9.8EPSS 0.46%Critical
CVE info copied to clipboard
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
First Article
Feedly found the first article mentioning CVE-2022-34747. See article
Sep 6, 2022 at 1:30 AM / cve.report
Threat Intelligence Report
The vulnerability CVE-2022-34747 is a critical externally controlled format string vulnerability within a Zyxel NAS device binary. It has the potential to be exploited in the wild by threat actors, and there are currently no proof-of-concept exploits available. Mitigations, detections, and patches for this vulnerability are not yet available, posing downstream impacts to other third-party vendors or technologies utilizing Zyxel NAS devices. See article
Sep 14, 2022 at 5:37 PM
EPSS
EPSS Score was set to: 0.46% (Percentile: 72.2%)
Sep 17, 2023 at 6:43 AM
Affected Systems
Zyxel/nas326_firmware
+null more
Patches
www.zyxel.com
+null more
Attack Patterns
CAPEC-135: Format String Injection
+null more
References
Zyxel security advisory for format string vulnerability in NAS (CVE-2022-34747)
Zyxel has released patches for NAS products affected by a format string vulnerability. A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
Cybersecurity News and Updates September 9 2022 - The National Law Review
In that time, Vice Society threat actors have deployed modified versions of Hello Kitty and Zeppelin ransomware variants, exploited PrintNightmare vulnerabilities CVE-2021-1675 & CVE-2021-34527, and targeted education institutions with ransomware attacks. In this new Lazarus campaign, threat actors are exploiting Log4J vulnerabilities within VMWare Horizon and deploying VSingle/Yamabot/MagicRAT malware variants for reconnaissance, lateral movement through the network, data exfiltration, credential harvesting, and the disabling of anti-virus applications.
United States: Ankura CTIX FLASH Update - September 9, 2022 - Ankura Consulting Group LLC
campaign, threat actors are exploiting Log4J vulnerabilities within Moobot Botnet Exploits Various D-Link Vulnerabilities to Gain
See 5 more references
News
CVE-2022-34747: Zyxel NAS products unauthorized remote code execution flaw http://dlvr.it/SbjHt9 via securityonline
CVE-2022-34747: Zyxel NAS products unauthorized remote code execution flaw dlvr.it/SbjHt9 via securityonline
Zyxel vmg3926 b10b firmware. 13(AAXA. LoginAsk is here to help you ac...
LoginAsk is here to help you access Zyxel Vmg4325 B10a Password PLDT Home DSL (Kasda, Tenda, Zyxel, Baudtec, Huawei, Prolink, ZTE, Speedsurf, iGateway, Arcadyan, ADSL / VDSL modems) Username: admin Password: 1234 HUAWEI HG8145V5 AND WA8021V5 HOW TO NAVIGATE THE WIFI SETTINGS ON YOUR HUAWEI DEVICES Contents hide 1 Turn On/Off Your WiFi 2 Change WiFi Name and Participa en este hilo sobre ZyXel VMG1312-B10B no me conecta a internet. LoginAsk is here to help you access How To Log Into Zyxel Router quickly and HUAWEI HG8145V5 AND WA8021V5 HOW TO NAVIGATE THE WIFI SETTINGS ON YOUR HUAWEI DEVICES Contents hide 1 Turn On/Off Your WiFi 2 Change WiFi Name and SEC Consult recommends Zyxel customers to upgrade the firmware to the latest version available.
September 7, 2022
Excerpt: “Google says some former Conti ransomware gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations (NGOs). Excerpt: “Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity.
Cybersecurity News and Updates September 9 2022 - The National Law Review
In that time, Vice Society threat actors have deployed modified versions of Hello Kitty and Zeppelin ransomware variants, exploited PrintNightmare vulnerabilities CVE-2021-1675 & CVE-2021-34527, and targeted education institutions with ransomware attacks. In this new Lazarus campaign, threat actors are exploiting Log4J vulnerabilities within VMWare Horizon and deploying VSingle/Yamabot/MagicRAT malware variants for reconnaissance, lateral movement through the network, data exfiltration, credential harvesting, and the disabling of anti-virus applications.
Newly identified cyber espionage unit Worok targets high profile entities across multiple industry verticals
Active since at least 2020, the newly identified cyber espionage unit Worok has used both customised and existing malware to compromise high-profile entities in Africa, Asia, and the Middle East. In some instances, Worok has also been observed exploiting ProxyShell vulnerabilities – a group of vulnerabilities affecting Microsoft Exchange that enable remote code execution.
See 68 more articles and social media posts