CVE-2022-0734 MEDIUM

CVE-2022-0734

Vendor Zyxel

Product USG/ZyWALL series firmware

Weakness CWE-79 · XSS

Published May 24, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.

Key dates

02Disclosure timeline

May 24, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0734 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-0734

CWE CWE-79

CVSS 5.8 / MEDIUM

Affected versions

Vendor Zyxel

Product USG/ZyWALL series firmware

Affected 4.35 through 4.70

Vendor Zyxel

Product USG FLEX series firmware

Affected 4.50 through 5.20

Vendor Zyxel

Product ATP series firmware

Affected 4.35 through 5.20

Vendor Zyxel

Product VPN series firmware

Affected 4.35 through 5.20

CVE-2022-0734

01Description

02Disclosure timeline

03References

04Related CVE