{"id":1798,"date":"2022-08-22T13:54:14","date_gmt":"2022-08-22T11:54:14","guid":{"rendered":"https:\/\/security.humanativaspa.it\/?p=1798"},"modified":"2025-09-15T13:27:39","modified_gmt":"2025-09-15T13:27:39","slug":"useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030","status":"publish","type":"post","link":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/","title":{"rendered":"Useless path traversals in Zyxel admin interface (CVE-2022-2030)"},"content":{"rendered":"<p>During <a href=\"https:\/\/hnsecurity.it\/tag\/zyxel\/\">our analysis<\/a> of Zyxel&#8217;s device management web interface, we identified three <a href=\"https:\/\/www.zyxel.com\/support\/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml\">path traversal vulnerabilities<\/a> in some CGIs that grant an attacker <strong>read access to all files on the filesystem<\/strong> (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-2030\">CVE-2022-2030<\/a>). These vulnerabilities are aggravated by the fact that the web server&#8217;s privileges are high, so it can, for example, access particularly sensitive files (such as the shadow file).<\/p>\n<p>However, the actual impact of these bugs is quite limited because the authentication system guarantees that the vulnerable code paths can <strong>only be reached by admin or limited-admin users<\/strong>. 
In short, they are almost useless \ud83d\ude09<\/p>\n<p>The interesting thing about these bugs is that they have been discovered using three different techniques.<\/p>\n<h2>Path traversal in &#8220;webauth_example_preview.cgi&#8221; (admin or limited-admin required)<\/h2>\n<p>Found via simple <strong>black box web application testing<\/strong>, a <strong>&#8220;standard&#8221; path traversal was identified<\/strong> in the &#8220;webauth_example_preview.cgi&#8221; CGI, used to preview some customization files.<\/p>\n<p>First of all, to trigger the bug a new &#8220;Internal Web Portal Customize File&#8221; must be uploaded into the right section &#8220;Configuration -&gt; Web Authentication -&gt; Custom Web Portal File&#8221;.<\/p>\n<p>At this point the path traversal is exploitable via the parameter &#8220;hname&#8221; of the page webauth_example_preview.cgi:<\/p>\n<ul>\n<li>Download startup configuration:\u00a0<strong>https:\/\/5.6.7.8\/webauth_example_preview.cgi?zname=wp.zip&amp;hname=..\/..\/..\/..\/..\/db\/etc\/zyxel\/ftp\/conf\/startup-config.conf<\/strong><\/li>\n<li>Download the shadow file: <strong>https:\/\/5.6.7.8\/webauth_example_preview.cgi?zname=wp.zip&amp;hname=..\/..\/..\/..\/..\/etc\/shadow<\/strong><\/li>\n<\/ul>\n<h2>Path traversal in &#8220;webauth_example_preview.cgi&#8221; via ZIP files (admin or limited-admin required)<\/h2>\n<p>Found using <strong>logic<\/strong>. The problem is again in &#8220;webauth_example_preview.cgi&#8221;, in a feature that parses a ZIP file which contains a template of the customized web pages. 
As you may know, <strong>ZIP files can contain symbolic links<\/strong>.<\/p>\n<p>To reproduce the bug, access &#8220;Configuration -&gt; Web Authentication -&gt; Custom Web Portal File&#8221; and use &#8220;Download External Web Portal Example&#8221; to get a sample ZIP archive.<\/p>\n<p>Then modify the archive as follows to make it malicious:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"bat\">$ unzip \/tmp\/external_web_portal_example.zip\r\n$ ln -s \/etc\/shadow exp.htm\r\n$ zip --symlinks -r ..\/wp2.zip *<\/pre>\n<p>Upload the file in the &#8220;Internal Web Portal Customize File&#8221; section and access the preview.<\/p>\n<p>The system will automatically unzip the file into the directory &#8220;\/var\/zyxel\/.multi-portal\/customize\/&#8221; to allow Apache to access its contents.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-1803\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/exp-1.png\" alt=\"\" width=\"599\" height=\"404\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/exp-1.png 599w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/exp-1-300x202.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/exp-1-350x236.png 350w\" sizes=\"(max-width: 599px) 100vw, 599px\" \/><\/p>\n<p>The shadow file can be accessed via the preview CGI at: <strong>https:\/\/5.6.7.8\/webauth_example_preview.cgi?zname=wp2.zip&amp;hname=exp.htm<\/strong><\/p>\n<p>Alternatively, if you enable the web portal customization file, you can access it directly via the Web Portal.<\/p>\n<p><em>This bug may also be present in other application sections that process ZIP archives to create customized areas (e.g., User Agreement pages), but I didn&#8217;t check \ud83d\ude09<\/em><\/p>\n<h2>Path traversal in &#8220;export-cgi&#8221; (admin required)<\/h2>\n<p>In this case, the problem was identified via <strong>static analysis executed through Ghidra<\/strong> on some interesting CGIs.<\/p>\n<p>The 
file &#8220;export-cgi&#8221; manages file downloads in all sections of the administration interface. Generally, it takes the &#8220;category&#8221; parameter from the HTTP request and switches between multiple download_XXXXX functions. The pseudocode (generated by Ghidra) of the &#8220;download_av_signature&#8221; function is:<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-1805\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/export_cgi-1.png\" alt=\"\" width=\"735\" height=\"297\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/export_cgi-1.png 735w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/export_cgi-1-300x121.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/export_cgi-1-350x141.png 350w\" sizes=\"(max-width: 735px) 100vw, 735px\" \/><\/p>\n<p>As you can see, the function begins with a security check that returns a &#8220;400 Bad request&#8221; error on unusual input. In particular, the check for 0x2F (the &#8220;\/&#8221; character) in the string prevents path traversals.<\/p>\n<p>The weird thing is that <strong>about 30 download features have all been implemented with these security checks except for the &#8220;download_dev_info&#8221; feature<\/strong> (at least in firmware version 5.10).<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-1807\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/dev_info-1.png\" alt=\"\" width=\"555\" height=\"387\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/dev_info-1.png 555w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/dev_info-1-300x209.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/dev_info-1-350x244.png 350w\" sizes=\"(max-width: 555px) 100vw, 555px\" \/><\/p>\n<p>Once identified, the path traversal is quite simple to exploit:<\/p>\n<p>Download the passwd file: 
<strong>https:\/\/5.6.7.8\/cgi-bin\/export-cgi?category=dev_info&amp;arg0=..\/etc\/passwd<\/strong><\/p>\n<p>The curious thing is that this path traversal has been fixed in version 5.20 of the firmware which was released months ago, however in the release notes there is no mention of it. The new code is as follows:<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-1808\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/dev_info2-1.png\" alt=\"\" width=\"718\" height=\"585\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/dev_info2-1.png 718w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/dev_info2-1-300x244.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/07\/dev_info2-1-350x285.png 350w\" sizes=\"(max-width: 718px) 100vw, 718px\" \/><\/p>\n<p>For information on patches, refer to Zyxel&#8217;s official <a href=\"https:\/\/www.zyxel.com\/support\/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml\">security advisory<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>During our analysis of Zyxel&#8217;s device management web interface, we identified three path traversal vulnerabilities in some CGIs that grant [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":159969,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[81,91,78],"tags":[82,87,96,109,167,552,75],"class_list":["post-1798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerabilities","category-articles","category-exploits","tag-vulnerability-research","tag-reverse-engineering","tag-static-analysis","tag-zyxel","tag-cve-2022-2030","tag-network","tag-advisory"],"acf":[],"yoast_head_json":{"title":"HN Security Useless path traversals in Zyxel admin interface (CVE-2022-2030)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/","og_locale":"it_IT","og_type":"article","og_title":"HN Security Useless path traversals in Zyxel admin interface (CVE-2022-2030)","og_description":"During our analysis of Zyxel&#8217;s device management web interface, we identified three path traversal vulnerabilities in some CGIs that grant [&hellip;]","og_url":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/","og_site_name":"HN Security","article_published_time":"2022-08-22T11:54:14+00:00","article_modified_time":"2025-09-15T13:27:39+00:00","og_image":[{"width":1600,"height":836,"url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/ZYXEL.jpg","type":"image\/jpeg"}],"author":"Maurizio Agazzini","twitter_card":"summary_large_image","twitter_creator":"@hnsec","twitter_site":"@hnsec","twitter_misc":{"Scritto da":"Maurizio Agazzini","Tempo di lettura stimato":"4 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/#article","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/"},"author":{"name":"Maurizio Agazzini","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/d667b46361c97bc294ea383b8f6de9b3"},"headline":"Useless path traversals in Zyxel admin interface 
(CVE-2022-2030)","datePublished":"2022-08-22T11:54:14+00:00","dateModified":"2025-09-15T13:27:39+00:00","mainEntityOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/"},"wordCount":648,"publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/ZYXEL.jpg","keywords":["vulnerability research","reverse engineering","static analysis","zyxel","CVE-2022-2030","network","advisory"],"articleSection":["Vulnerabilities","Articles","Exploits"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/","url":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/","name":"HN Security Useless path traversals in Zyxel admin interface 
(CVE-2022-2030)","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/#primaryimage"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/ZYXEL.jpg","datePublished":"2022-08-22T11:54:14+00:00","dateModified":"2025-09-15T13:27:39+00:00","breadcrumb":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/#primaryimage","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/ZYXEL.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/ZYXEL.jpg","width":1600,"height":836,"caption":"Zyxel Networks logo"},{"@type":"BreadcrumbList","@id":"https:\/\/hnsecurity.it\/it\/blog\/useless-path-traversals-in-zyxel-admin-interface-cve-2022-2030\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hnsecurity.it\/it\/"},{"@type":"ListItem","position":2,"name":"Useless path traversals in Zyxel admin interface (CVE-2022-2030)"}]},{"@type":"WebSite","@id":"https:\/\/hnsecurity.it\/it\/#website","url":"https:\/\/hnsecurity.it\/it\/","name":"HN Security","description":"Offensive Security 
Specialists","publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hnsecurity.it\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/hnsecurity.it\/it\/#organization","name":"HN Security","url":"https:\/\/hnsecurity.it\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","width":696,"height":696,"caption":"HN Security"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/hnsec","https:\/\/www.linkedin.com\/company\/hnsecurity\/","https:\/\/github.com\/hnsecurity","https:\/\/infosec.exchange\/@hnsec"]},{"@type":"Person","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/d667b46361c97bc294ea383b8f6de9b3","name":"Maurizio Agazzini","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/fafe3b3da91f9b35c3ef9816ff3d2c24f8936f3fc1e683239d52e77b0942c101?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fafe3b3da91f9b35c3ef9816ff3d2c24f8936f3fc1e683239d52e77b0942c101?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fafe3b3da91f9b35c3ef9816ff3d2c24f8936f3fc1e683239d52e77b0942c101?s=96&d=mm&r=g","caption":"Maurizio 
Agazzini"},"url":"https:\/\/hnsecurity.it\/it\/blog\/author\/maurizio-agazzini\/"}]}},"jetpack_featured_media_url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/ZYXEL.jpg","_links":{"self":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/1798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/comments?post=1798"}],"version-history":[{"count":1,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/1798\/revisions"}],"predecessor-version":[{"id":160157,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/1798\/revisions\/160157"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media\/159969"}],"wp:attachment":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media?parent=1798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/categories?post=1798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/tags?post=1798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}