中危 Zyxel USG/ZyWALL跨站脚本漏洞(CVE-2022-0734)
CVE编号
CVE-2022-0734利用情况
暂无补丁情况
官方补丁披露时间
2022-05-24漏洞描述
Zyxel USG/ZyWALL是中国合勤科技(Zyxel)公司的一款防火墙。 Zyxel USG/ZyWALL 4.35-4.70、USG FLEX 4.50-5.20、ATP 4.35-5.20和VPN 4.35-5.20版本中的CGI程序存在跨站脚本漏洞,该漏洞源于存在输入验证错误,攻击者利用该漏洞可进行跨站点脚本攻击。解决建议
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
参考链接 |
|
|---|---|
| https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-contro... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | zyxel | atp100w_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | atp100_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | atp200_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | atp500_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | atp700_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | atp800_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg200_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg20_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg210_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg2200_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg300_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg310_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_1100_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_110_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_1900_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_20w-vpn_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_20w_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_2200-vpn_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_310_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_40w_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_40_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_60w_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_60_firmware | * | From (including) 4.35 | Up to (including) 4.70 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_100w_firmware | * | From (including) 4.50 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_100_firmware | * | From (including) 4.50 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_200_firmware | * | From (including) 4.50 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_500_firmware | * | From (including) 4.50 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | usg_flex_700_firmware | * | From (including) 4.50 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | vpn1000_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | vpn100_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | vpn300_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 系统 | zyxel | vpn50_firmware | * | From (including) 4.35 | Up to (including) 5.20 | ||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | atp100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | atp100w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | atp200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | atp500 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | atp700 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | atp800 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg20 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg210 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg2200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg300 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg310 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_110 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_1100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_1900 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_20w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_20w-vpn | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_2200-vpn | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_310 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_40 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_40w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_60 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_60w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_100w | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_200 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_500 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | usg_flex_700 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | vpn100 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | vpn1000 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | vpn300 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | zyxel | vpn50 | - | - | |||||
- 攻击路径 远程
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-79 | 在Web页面生成时对输入的转义处理不恰当(跨站脚本) |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论