CVE-2022-38546

Published: Dec 21, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.

Affected (1)

Products: Zyxel: Nbg7510 Firmware

Zyxel

1 product

Nbg7510 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Nbg7510 Firmware	Up to 1.00\(abzy.2\)c0

Running on/with	Platform Versions
Zyxel Nbg7510	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dns-misconfiguration-in-nbg7510-home-router

Source: security@zyxel.com.tw

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dns-misconfiguration-in-nbg7510-home-router

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.