VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 7, 2023· Updated Mar 25, 2025

CVE-2022-38547

CVE-2022-38547

Description

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Post-authentication command injection in Zyxel firewall CLI allows authenticated admin to execute OS commands remotely.

Vulnerability

A post-authentication command injection vulnerability exists in the CLI command of Zyxel ZyWALL/USG (firmware 4.20 through 4.72), VPN (4.30 through 5.32), USG FLEX (4.50 through 5.32), and ATP (4.32 through 5.32) series firewalls [1]. An authenticated attacker with administrator privileges can inject arbitrary OS commands via a specially crafted CLI input.

Exploitation

An attacker must first authenticate with administrator-level credentials. Then, by sending a malicious CLI command that includes injected OS commands, the attacker can execute arbitrary commands on the affected device [1]. WAN access is disabled by default, so exploitation typically requires LAN or VPN access.

Impact

Successful exploitation allows the attacker to execute arbitrary OS commands on the firewall, leading to full system compromise. This can result in unauthorized data access, configuration changes, or further network penetration.

Mitigation

Zyxel has released patches: ZLD V5.35 for ATP, USG FLEX, and VPN series; ZLD V4.73 for ZyWALL/USG series [1]. Users should update to the patched versions. No workaround is provided; updating is the recommended action.

References
  1. Zyxel security advisory for post-authentication RCE in firewalls | Zyxel Networks

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Zyxel/VPN seriesllm-fuzzy2 versions
    4.30 - 5.32+ 1 more
    • (no CPE)range: 4.30 - 5.32
    • (no CPE)range: 4.30 through 5.32
  • Zyxel/ZyWALL/USG seriesllm-fuzzy2 versions
    4.20 - 4.72+ 1 more
    • (no CPE)range: 4.20 - 4.72
    • (no CPE)range: 4.20 through 4.72
  • Zyxel/ATP seriesllm-fuzzy2 versions
    4.32 - 5.32+ 1 more
    • (no CPE)range: 4.32 - 5.32
    • (no CPE)range: 4.32 through 5.32
  • Zyxel/USG FLEX seriesllm-fuzzy2 versions
    4.50 - 5.32+ 1 more
    • (no CPE)range: 4.50 - 5.32
    • (no CPE)range: 4.50 through 5.32

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.