Intrusion PreventionZyxel.Firewall.ZTP.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in Zyxel firewalls.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. An unauthenticated remote attacker may be able to exploit this to execute arbitrary commands within the context of the application.
Outbreak Alert
Zerobot is a Go-based botnet that spreads primarily through IoT and web application vulnerabilities. According to Fortinet research analysis the most recent distribution of Zerobot includes additional capabilities such a new DDoS attack capabilities and exploiting Apache vulnerabilities.
Affected Products
USG FLEX 100(W), 200, 500, 700 ZLD V5.00 through ZLD V5.21 Patch 1
USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 through ZLD V5.21 Patch 1
ATP series ZLD V5.10 through ZLD V5.21 Patch 1
VPN series ZLD V4.60 through ZLD V5.21 Patch 1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest update from the vendor.
https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-01 | 25.612 | Name:ZyXEL. Firewall. ZTP. Command. Injection:Zyxel. Firewall. ZTP. Command. Injection |
| 2022-06-09 | 21.336 | Default_action:pass:drop |
| 2022-05-17 | 20.317 |
| ID | 51551 |
| Created | May 16, 2022 |
| Updated | Jul 31, 2023 |
| Outbreak Alert | Zerobot Attack |
| Risk |
|
| CVE ID | CVE-2022-30525 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.47% |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |