A Cross-Site Scripting (XSS) vulnerability (CVE-2022-0734) has been discovered in various Zyxel firewall series. This vulnerability poses a significant security risk, as it could allow an attacker to obtain sensitive information stored in a user's browser, such as cookies or session tokens, by injecting malicious scripts. Firewall series affected by this vulnerability are:
- Zyxel USG/ZyWALL series firmware versions 4.35 to 4.70
- Zyxel VPN series firmware versions 4.35 to 5.20
In response to this vulnerability, users are advised to update their devices to the latest firmware version to mitigate potential security risks.
Vulnerability Details
The vulnerability exists in the CGI program used by the affected Zyxel firewall series. Attackers can exploit this vulnerability by crafting a malicious URL containing the script they wish to execute in the user's browser. When an unsuspecting user clicks on the link or visits the webpage containing the malicious URL, the script is executed in the user's browser context, potentially compromising sensitive information.
Here's a hypothetical example of a simple malicious script injected into the vulnerable URL parameter:
http://example.com/vulnerable.cgi?input=<script>alert('XSS Attack')</script>
When the user visits the link, the script within the "input" parameter will be executed, displaying an alert message that says "XSS Attack". In real-world scenarios, however, attackers could use more complex scripts that compromise the user's session or steal sensitive information like cookies and session tokens.
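The following is an added example (not from Zyxel's advisory or any Zyxel code) that models the bug class in the hypothetical "input" parameter above: the value reflected verbatim beside the HTML-encoded form, plus a check that URL-decodes query parameters in web-server access-log lines and flags script markers. The log lines and the /vulnerable.cgi path are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in Common Log Format (not real Zyxel logs).
# The second line carries the page's hypothetical payload, percent-encoded as a browser would send it.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/May/2022:03:15:00 +0000] "GET /vulnerable.cgi?input=hello HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/May/2022:03:16:12 +0000] "GET /vulnerable.cgi?input=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '198.51.100.9 - - [24/May/2022:03:17:40 +0000] "GET /vulnerable.cgi?input=5%3C10 HTTP/1.1" 200 512',
    '198.51.100.9 - - [24/May/2022:03:18:02 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

# Request target between the method and the protocol version.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Markers of script injection after URL-decoding: a tag opener followed by a letter,
# an inline event handler, or a javascript: URL. "5<10" does not match because a digit follows "<".
XSS_RE = re.compile(r'<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript\s*:', re.IGNORECASE)


def reflect_unsafe(value):
    # Models the vulnerable behaviour: the parameter is written into the page verbatim.
    return f"<p>Input: {value}</p>"


def reflect_safe(value):
    # Hardened form: HTML-encode the value before it reaches the response body,
    # so "<script>" arrives at the browser as "&lt;script&gt;" and is never parsed as a tag.
    return f"<p>Input: {html.escape(value, quote=True)}</p>"


def flag_requests(log_lines):
    """Return (client_ip, parameter, decoded_value) for each query parameter carrying XSS markers."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs percent-decodes each value, so the check runs on what the CGI program would see.
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                if XSS_RE.search(value):
                    hits.append((line.split()[0], name, value))
    return hits


if __name__ == "__main__":
    for ip, name, value in flag_requests(SAMPLE_LOG):
        print(f"{ip} sent script markers in parameter {name!r}: {value!r}")
```

Encoding on output is the fix for reflection bugs of this kind; the log check is only a detection aid and, like any pattern match, will miss obfuscated payloads.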
Original References
Zyxel has publicly acknowledged and documented this vulnerability in their Security Advisory. The advisory provides more in-depth information about the affected products and the conditions required for a successful exploit. Users are encouraged to review the advisory and follow the recommended actions to protect their networks from this security risk.
Mitigation and Remediation
In order to mitigate the potential risks associated with CVE-2022-0734, please consider the following measures:
1. Update your Zyxel firewall series firmware to the latest version. Firmware updates addressing this vulnerability have been released by Zyxel and are available for download from their official support website.
2. Use strong and complex passwords for both user and administrator accounts. Avoid using default passwords or common combinations.
3. Limit user access to the firewall configuration and restrict access to the underlying CGI program.
4. Be cautious when clicking on links from untrusted sources or suspicious emails, as they may be part of a phishing attack aiming to exploit this vulnerability.
5. Enable the "secure" flag for all session cookies in your web applications, so that these cookies are only transmitted over HTTPS.
By applying these mitigation and remediation measures, users can significantly reduce the risk of falling victim to an attack exploiting the CVE-2022-0734 vulnerability in their Zyxel firewall series devices.
Timeline
Published on: 05/24/2022 03:15:00 UTC
Last modified on: 06/06/2022 18:16:00 UTC