CVE: CVE-2022-0734

Descrizione: A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script.

Vettore di attacco CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Riferimenti esterni

• https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml

Prodotti interessati

• Zyxel – USG/ZyWALL series firmware
• Zyxel – USG FLEX series firmware
• Zyxel – ATP series firmware
• Zyxel – VPN series firmware

Relazioni con altri prodotti

Produttore:Zyxel
Prodotto: USG/Zywall series Firmware
Anno: 2022
CWE: CWE-79
CVSS: 0.0

Produttore:Zyxel
Prodotto: USG FLEX series Firmware
Anno: 2022
CWE: CWE-79
CVSS: 0.0

Produttore:Zyxel
Prodotto: ATP series Firmware
Anno: 2022
CWE: CWE-79
CVSS: 0.0

Produttore:Zyxel
Prodotto: VPN series Firmware
Anno: 2022
CWE: CWE-79
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2022)