CVE-2022-0342 — CRITICAL (9.8)

Q: How severe is CVE-2022-0342?

CVE-2022-0342 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-0342?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Usg40 Firmware, Zyxel Usg40, Zyxel Usg40W Firmware, Zyxel Usg40W, Zyxel Usg60 Firmware.

Vulnerability Description

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zyxel	Usg40 Firmware	>= 4.20, < 4.71
Zyxel	Usg40	-
Zyxel	Usg40W Firmware	>= 4.20, < 4.71
Zyxel	Usg40W	-
Zyxel	Usg60 Firmware	>= 4.20, < 4.71
Zyxel	Usg60	-
Zyxel	Usg60W Firmware	>= 4.20, < 4.71
Zyxel	Usg60W	-
Zyxel	Zywall 110 Firmware	>= 4.20, < 4.71
Zyxel	Zywall 110	-
Zyxel	Zywall 310 Firmware	>= 4.20, < 4.71
Zyxel	Zywall 310	-
Zyxel	Zywall 1100 Firmware	>= 4.20, < 4.71
Zyxel	Zywall 1100	-
Zyxel	Usg Flex 100 Firmware	>= 4.50, <= 5.20
Zyxel	Usg Flex 100	-
Zyxel	Usg Flex 200 Firmware	>= 4.50, <= 5.20
Zyxel	Usg Flex 200	-
Zyxel	Usg Flex 500 Firmware	>= 4.50, <= 5.20
Zyxel	Usg Flex 500	-

Related Weaknesses (CWE)

CWE-287

References

https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-Vendor Advisory
https://www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-Vendor Advisory

FAQ

What is CVE-2022-0342?

CVE-2022-0342 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versi...

How severe is CVE-2022-0342?

CVE-2022-0342 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-0342?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Usg40 Firmware, Zyxel Usg40, Zyxel Usg40W Firmware, Zyxel Usg40W, Zyxel Usg60 Firmware.