阿里云漏洞库

漏洞描述

Zyxel USG/ZyWALL是中国合勤科技（Zyxel）公司的一款防火墙。

Zyxel USG/ZyWALL 4.09 - 4.71、USG FLEX 4.50 - 5.21、ATP 4.32 - 5.21、VPN 4.30 - 5.21、NSG 1.00 - 1.33 Patch 4、NXC2500 6.10(AAIG.3)及之前版本、NAP203 6.25(ABFA.7) 及之前版本、NWA50AX 6.25(ABYW.5) 及之前版本、WAC500 6.30(ABVS.2) 及之前版本， WAX510D 6.30(ABTF.2) 及之前版本存在输入验证错误漏洞，该漏洞源于对某些 CLI 命令中用户提供的输入的验证不充分，本地攻击者利用该漏洞执行拒绝服务 (DoS) 攻击。

解决建议

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml

参考链接
http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-Stri...
http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of...
http://seclists.org/fulldisclosure/2022/Jun/15
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-contro...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	zyxel	atp100w_firmware	*	From (including) 4.32	Up to (including) 5.21
	运行在以下环境
	系统	zyxel	atp100_firmware	*	From (including) 4.32	Up to (including) 5.21
	运行在以下环境
	系统	zyxel	atp200_firmware	*	From (including) 4.32	Up to (including) 5.21
	运行在以下环境
	系统	zyxel	atp500_firmware	*	From (including) 4.32	Up to (including) 5.21
	运行在以下环境
	系统	zyxel	atp700_firmware	*	From (including) 4.32	Up to (including) 5.21
	运行在以下环境
	系统	zyxel	atp800_firmware	*	From (including) 4.32	Up to (including) 5.21
	运行在以下环境
	系统	zyxel	nap203_firmware	*		Up to (including) 6.25\(abfa.7\)
	运行在以下环境
	系统	zyxel	nap303_firmware	*		Up to (including) 6.25\(abex.7\)
	运行在以下环境
	系统	zyxel	nap353_firmware	*		Up to (including) 6.25\(abey.7\)
	运行在以下环境
	系统	zyxel	nsg100_firmware	*	From (including) 1.00	Up to (excluding) 1.33
	运行在以下环境
	系统	zyxel	nsg100_firmware	1.33	-
	运行在以下环境
	系统	zyxel	nsg300_firmware	*	From (including) 1.00	Up to (excluding) 1.33
	运行在以下环境
	系统	zyxel	nsg300_firmware	1.33	-
	运行在以下环境
	系统	zyxel	nsg50_firmware	*	From (including) 1.00	Up to (excluding) 1.33
	运行在以下环境
	系统	zyxel	nsg50_firmware	1.33	-
	运行在以下环境
	系统	zyxel	nwa110ax_firmware	*		Up to (including) 6.30\(abtg.2\)
	运行在以下环境
	系统	zyxel	nwa1123-ac-hd_firmware	*		Up to (including) 6.25\(abin.6\)
	运行在以下环境
	系统	zyxel	nwa1123-ac-pro_firmware	*		Up to (including) 6.25\(abhd.7\)
	运行在以下环境
	系统	zyxel	nwa1123acv3_firmware	*		Up to (including) 6.30\(abvt.2\)
	运行在以下环境
	系统	zyxel	nwa1302-ac_firmware	*		Up to (including) 6.25\(abku.6\)
	运行在以下环境
	系统	zyxel	nwa210ax_firmware	*		Up to (including) 6.30\(abtd.2\)
	运行在以下环境
	系统	zyxel	nwa50ax_firmware	*		Up to (including) 6.25\(abyw.5\)
	运行在以下环境
	系统	zyxel	nwa5123-ac-hd_firmware	*		Up to (including) 6.25\(abim.6\)
	运行在以下环境
	系统	zyxel	nwa55axe_firmware	*		Up to (including) 6.25\(abzl.5\)
	运行在以下环境
	系统	zyxel	nwa90ax_firmware	*		Up to (including) 6.27\(accv.2\)
	运行在以下环境
	系统	zyxel	nxc2500_firmware	*		Up to (including) 6.10\(aaig.3\)
	运行在以下环境
	系统	zyxel	nxc5500_firmware	*		Up to (including) 6.10\(aaos.3\)
	运行在以下环境
	系统	zyxel	usg200_firmware	*	From (including) 4.09	Up to (including) 4.71
	运行在以下环境
	系统	zyxel	usg20_firmware	*	From (including) 4.09	Up to (including) 4.71
	运行在以下环境
	系统	zyxel	usg210_firmware	*	From (including) 4.09	Up to (including) 4.71
	运行在以下环境
	系统	zyxel	usg2200_firmware	*	From (including) 4.09	Up to (including) 4.71
	运行在以下环境
系统	zyxel	usg300_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg310_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_1100_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_110_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_1900_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_20w-vpn_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_20w_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_2200-vpn_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_310_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_40w_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_40_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_60w_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_60_firmware	*	From (including) 4.09	Up to (including) 4.71
运行在以下环境
系统	zyxel	usg_flex_100w_firmware	*	From (including) 4.50	Up to (including) 5.21
运行在以下环境
系统	zyxel	usg_flex_100_firmware	*	From (including) 4.50	Up to (including) 5.21
运行在以下环境
系统	zyxel	usg_flex_200_firmware	*	From (including) 4.50	Up to (including) 5.21
运行在以下环境
系统	zyxel	usg_flex_500_firmware	*	From (including) 4.50	Up to (including) 5.21
运行在以下环境
系统	zyxel	usg_flex_700_firmware	*	From (including) 4.50	Up to (including) 5.21
运行在以下环境
系统	zyxel	vpn1000_firmware	*	From (including) 4.30	Up to (including) 5.21
运行在以下环境
系统	zyxel	vpn100_firmware	*	From (including) 4.30	Up to (including) 5.21
运行在以下环境
系统	zyxel	vpn300_firmware	*	From (including) 4.30	Up to (including) 5.21
运行在以下环境
系统	zyxel	vpn50_firmware	*	From (including) 4.30	Up to (including) 5.21
运行在以下环境
系统	zyxel	wac500h_firmware	*		Up to (including) 6.30\(abwa.2\)
运行在以下环境
系统	zyxel	wac500_firmware	*		Up to (including) 6.30\(abvs.2\)
运行在以下环境
系统	zyxel	wac5302d-sv2_firmware	*		Up to (including) 6.25\(abvz.6\)
运行在以下环境
系统	zyxel	wac5302d-s_firmware	*		Up to (including) 6.10\(abfh.10\)
运行在以下环境
系统	zyxel	wac6103d-i_firmware	*		Up to (including) 6.25\(aaxh.7\)
运行在以下环境
系统	zyxel	wac6303d-s_firmware	*		Up to (including) 6.25\(abgl.6\)
运行在以下环境
系统	zyxel	wac6502d-e_firmware	*		Up to (including) 6.25\(aasd.7\)
运行在以下环境
系统	zyxel	wac6502d-s_firmware	*		Up to (including) 6.25\(aase.7\)
运行在以下环境
系统	zyxel	wac6503d-s_firmware	*		Up to (including) 6.25\(aasf.7\)
运行在以下环境
系统	zyxel	wac6552d-s_firmware	*		Up to (including) 6.25\(abio.7\)
运行在以下环境
系统	zyxel	wac6553d-s_firmware	*		Up to (including) 6.25\(aasg.7\)
运行在以下环境
系统	zyxel	wax510d_firmware	*		Up to (including) 6.30\(abtf.2\)
运行在以下环境
系统	zyxel	wax610d_firmware	*		Up to (including) 6.30\(abte.2\)
运行在以下环境
系统	zyxel	wax630s_firmware	*		Up to (including) 6.30\(abzd.2\)
运行在以下环境
系统	zyxel	wax650s_firmware	*		Up to (including) 6.30\(abrm.2\)
运行在以下环境
硬件	zyxel	atp100	-	-
运行在以下环境
硬件	zyxel	atp100w	-	-
运行在以下环境
硬件	zyxel	atp200	-	-
运行在以下环境
硬件	zyxel	atp500	-	-
运行在以下环境
硬件	zyxel	atp700	-	-
运行在以下环境
硬件	zyxel	atp800	-	-
运行在以下环境
硬件	zyxel	nap203	-	-
运行在以下环境
硬件	zyxel	nap303	-	-
运行在以下环境
硬件	zyxel	nap353	-	-
运行在以下环境
硬件	zyxel	nsg100	-	-
运行在以下环境
硬件	zyxel	nsg300	-	-
运行在以下环境
硬件	zyxel	nsg50	-	-
运行在以下环境
硬件	zyxel	nwa110ax	-	-
运行在以下环境
硬件	zyxel	nwa1123-ac-hd	-	-
运行在以下环境
硬件	zyxel	nwa1123-ac-pro	-	-
运行在以下环境
硬件	zyxel	nwa1123acv3	-	-
运行在以下环境
硬件	zyxel	nwa1302-ac	-	-
运行在以下环境
硬件	zyxel	nwa210ax	-	-
运行在以下环境
硬件	zyxel	nwa50ax	-	-
运行在以下环境
硬件	zyxel	nwa5123-ac-hd	-	-
运行在以下环境
硬件	zyxel	nwa55axe	-	-
运行在以下环境
硬件	zyxel	nwa90ax	-	-
运行在以下环境
硬件	zyxel	nxc2500	-	-
运行在以下环境
硬件	zyxel	nxc5500	-	-
运行在以下环境
硬件	zyxel	usg20	-	-
运行在以下环境
硬件	zyxel	usg200	-	-
运行在以下环境
硬件	zyxel	usg210	-	-
运行在以下环境
硬件	zyxel	usg2200	-	-
运行在以下环境
硬件	zyxel	usg300	-	-
运行在以下环境
硬件	zyxel	usg310	-	-
运行在以下环境
硬件	zyxel	usg_110	-	-
运行在以下环境
硬件	zyxel	usg_1100	-	-
运行在以下环境
硬件	zyxel	usg_1900	-	-
运行在以下环境
硬件	zyxel	usg_20w	-	-
运行在以下环境
硬件	zyxel	usg_20w-vpn	-	-
运行在以下环境
硬件	zyxel	usg_2200-vpn	-	-
运行在以下环境
硬件	zyxel	usg_310	-	-
运行在以下环境
硬件	zyxel	usg_40	-	-
运行在以下环境
硬件	zyxel	usg_40w	-	-
运行在以下环境
硬件	zyxel	usg_60	-	-
运行在以下环境
硬件	zyxel	usg_60w	-	-
运行在以下环境
硬件	zyxel	usg_flex_100	-	-
运行在以下环境
硬件	zyxel	usg_flex_100w	-	-
运行在以下环境
硬件	zyxel	usg_flex_200	-	-
运行在以下环境
硬件	zyxel	usg_flex_500	-	-
运行在以下环境
硬件	zyxel	usg_flex_700	-	-
运行在以下环境
硬件	zyxel	vpn100	-	-
运行在以下环境
硬件	zyxel	vpn1000	-	-
运行在以下环境
硬件	zyxel	vpn300	-	-
运行在以下环境
硬件	zyxel	vpn50	-	-
运行在以下环境
硬件	zyxel	wac500	-	-
运行在以下环境
硬件	zyxel	wac500h	-	-
运行在以下环境
硬件	zyxel	wac5302d-s	-	-
运行在以下环境
硬件	zyxel	wac5302d-sv2	-	-
运行在以下环境
硬件	zyxel	wac6103d-i	-	-
运行在以下环境
硬件	zyxel	wac6303d-s	-	-
运行在以下环境
硬件	zyxel	wac6502d-e	-	-
运行在以下环境
硬件	zyxel	wac6502d-s	-	-
运行在以下环境
硬件	zyxel	wac6503d-s	-	-
运行在以下环境
硬件	zyxel	wac6552d-s	-	-
运行在以下环境
硬件	zyxel	wac6553d-s	-	-
运行在以下环境
硬件	zyxel	wax510d	-	-
运行在以下环境
硬件	zyxel	wax610d	-	-
运行在以下环境
硬件	zyxel	wax630s	-	-
运行在以下环境
硬件	zyxel	wax650s	-	-

攻击路径

本地
攻击复杂度

复杂
权限要求

无需权限
影响范围

全局影响
EXP成熟度

未验证
补丁情况

官方补丁
数据保密性

无影响
数据完整性

传输被破坏
服务器危害

DoS
全网数量

N/A

CWE-ID	漏洞类型
CWE-20	输入验证不恰当

中危 Zyxel USG/ZyWALL 输入验证错误漏洞（CVE-2022-26531）

漏洞描述

解决建议

参考链接

受影响软件情况