CVE-2022-0734 — MEDIUM (5.8)

Q: How severe is CVE-2022-0734?

CVE-2022-0734 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-0734?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Vpn100 Firmware, Zyxel Vpn100, Zyxel Vpn1000 Firmware, Zyxel Vpn1000, Zyxel Vpn300 Firmware.

Vulnerability Description

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Zyxel	Vpn100 Firmware	>= 4.35, <= 5.20
Zyxel	Vpn100	-
Zyxel	Vpn1000 Firmware	>= 4.35, <= 5.20
Zyxel	Vpn1000	-
Zyxel	Vpn300 Firmware	>= 4.35, <= 5.20
Zyxel	Vpn300	-
Zyxel	Vpn50 Firmware	>= 4.35, <= 5.20
Zyxel	Vpn50	-
Zyxel	Atp100 Firmware	>= 4.35, <= 5.20
Zyxel	Atp100	-
Zyxel	Atp100W Firmware	>= 4.35, <= 5.20
Zyxel	Atp100W	-
Zyxel	Atp200 Firmware	>= 4.35, <= 5.20
Zyxel	Atp200	-
Zyxel	Atp500 Firmware	>= 4.35, <= 5.20
Zyxel	Atp500	-
Zyxel	Atp700 Firmware	>= 4.35, <= 5.20
Zyxel	Atp700	-
Zyxel	Atp800 Firmware	>= 4.35, <= 5.20
Zyxel	Atp800	-

Related Weaknesses (CWE)

CWE-79

References

https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controlleVendor Advisory
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controlleVendor Advisory

FAQ

What is CVE-2022-0734?

CVE-2022-0734 is a vulnerability with a CVSS score of 5.8 (MEDIUM). A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series f...

How severe is CVE-2022-0734?

CVE-2022-0734 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-0734?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Vpn100 Firmware, Zyxel Vpn100, Zyxel Vpn1000 Firmware, Zyxel Vpn1000, Zyxel Vpn300 Firmware.