Skip to main content

Critical Unauthenticated RCE Vulnerability in Zyxel Firewalls - CVE-2022-30525

On Thursday, May 12, 2022, Zyxel released a patch advisory for an unauthenticated remote code execution (RCE) vulnerability in their line of Firewall products tracked as CVE-2022-30525. The exploitation of this vulnerability can allow a threat actor to modify specific files and execute code remotely on a vulnerable appliance.

Proof of Concept (PoC) exploit code for this vulnerability has been made publicly available via multiple sources. This has led to threat actors beginning to exploit this vulnerability in the wild through opportunistic attacks. Arctic Wolf assesses this vulnerability to be a high risk and strongly recommends you identify if they are using any of the below impacted Zyxel products and apply applicable patches promptly.

Impacted Products

Affected model Affected firmware version Patch availability

USG FLEX 100(W), 200, 500, 700

ZLD V5.00 through ZLD V5.21 Patch 1

ZLD V5.30


ZLD V5.10 through ZLD V5.21 Patch 1

ZLD V5.30

ATP series

ZLD V5.10 through ZLD V5.21 Patch 1

ZLD V5.30

VPN series

ZLD V4.60 through ZLD V5.21 Patch 1

ZLD V5.30


About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.

Profile Photo of Sule Tatar