CVE-2022-26414 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Zyxel	CNA	6 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Vendor	Product	Version
zyxel	vmg3312-t20a_firmware	5.30\(abfx.5\)c0
zyxel	emg3525-t50b_firmware	𝑥 < 5.50\(abpm.6\)c0
zyxel	emg3525-t50b_firmware	𝑥 < 5.50\(abpm.6\)c0
zyxel	emg5523-t50b_firmware	𝑥 < 5.50\(abpm.6\)c0
zyxel	emg5523-t50b_firmware	𝑥 < 5.50\(abpm.6\)c0
zyxel	emg5723-t50k_firmware	𝑥 < 5.50\(abom.7\)c0
zyxel	emg6726-b10a_firmware	𝑥 < 5.13\(abnp.7\)c0
zyxel	vmg1312-t20b_firmware	𝑥 < 5.50\(absb.5\)c0
zyxel	vmg3625-t50b_firmware	𝑥 < 5.50\(abpm.6\)c0
zyxel	vmg3927-b50a_firmware	𝑥 < 5.17\(abmt.6\)c0
zyxel	vmg3927-b50b_firmware	𝑥 < 5.13\(ably.7\)c0
zyxel	vmg3927-b60a_firmware	𝑥 < 5.17\(abmt.6\)c0
zyxel	vmg3927-t50k_firmware	𝑥 < 5.50\(abom.7\)c0
zyxel	vmg4927-b50a_firmware	𝑥 < 5.13\(ably.7\)c0
zyxel	vmg8623-t50b_firmware	𝑥 < 5.50\(abpm.6\)c0
zyxel	vmg8825-b50a_firmware	𝑥 < 5.17\(abmt.6\)c0
zyxel	vmg8825-b50b_firmware	𝑥 < 5.17\(abny.7\)c0
zyxel	vmg8825-t50k_firmware	𝑥 < 5.50\(abom.7\)c0
zyxel	vmg8825-b60a_firmware	𝑥 < 5.17\(abmt.6\)c0
zyxel	vmg8825-b60b_firmware	𝑥 < 5.17\(abny.7\)c0
zyxel	xmg3927-b50a_firmware	𝑥 < 5.17\(abmt.6\)c0
zyxel	xmg8825-b50a_firmware	𝑥 < 5.17\(abmt.6\)c0
zyxel	dx5401-b0_firmware	𝑥 < 5.17\(abyo.1\)c0
zyxel	ex3510-b0_firmware	𝑥 < 5.17\(abup.4\)c1
zyxel	ex5401-b0_firmware	𝑥 < 5.17\(abyo.1\)c0
zyxel	ex5501-b0_firmware	𝑥 < 5.17\(abry.2\)c0
zyxel	ax7501-b0_firmware	𝑥 < 5.17\(abpc.1\)c0
zyxel	ep240p_firmware	𝑥 < 5.40\(abh.0\)c0
zyxel	pm7300-t0_firmware	𝑥 < 5.42\(acbc.1\)c0
zyxel	pmg5317-t20b_firmware	𝑥 < 5.40\(abki.4\)c0
zyxel	pmg5617ga_firmware	𝑥 < 5.40\(abna.2\)c0
zyxel	pmg5617-t20b2_firmware	𝑥 < 5.41\(acbb.1\)c0
zyxel	pmg5622ga_firmware	𝑥 < 5.40\(abnb.2\)c0
zyxel	px7501-b0_firmware	𝑥 < 5.17\(abpc.1\)c0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml