Critical Unauthenticated RCE Vulnerability in Zyxel Firewalls – CVE-2022-30525

Share :

On Thursday, May 12, 2022, Zyxel released a patch advisory for an unauthenticated remote code execution (RCE) vulnerability in their line of Firewall products tracked as CVE-2022-30525. The exploitation of this vulnerability can allow a threat actor to modify specific files and execute code remotely on a vulnerable appliance.

Proof of Concept (PoC) exploit code for this vulnerability has been made publicly available via multiple sources. This has led to threat actors beginning to exploit this vulnerability in the wild through opportunistic attacks. Arctic Wolf assesses this vulnerability to be a high risk and strongly recommends you identify if they are using any of the below impacted Zyxel products and apply applicable patches promptly.

Impacted Products

Affected model Affected firmware version Patch availability
USG FLEX 100(W), 200, 500, 700 ZLD V5.00 through ZLD V5.21 Patch 1 ZLD V5.30
USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 through ZLD V5.21 Patch 1 ZLD V5.30
ATP series ZLD V5.10 through ZLD V5.21 Patch 1 ZLD V5.30
VPN series ZLD V4.60 through ZLD V5.21 Patch 1 ZLD V5.30


Picture of Adrian Korn

Adrian Korn

Adrian Korn is a seasoned cyber security professional with 7+ years' experience in cyber threat intelligence, threat detection, and security operations. He currently serves as the Manager of Threat Intelligence Research at Arctic Wolf Labs. Adrian has been a guest speaker on intelligence related topics at numerous conferences around the world, including DEF CON's Recon Village, Hackfest, and the Australian OSINT Symposium.
Share :
Table of Contents
Subscribe to our Monthly Newsletter