CVE-2022-43389
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Affected (17)
Products: Zyxel: Lte3202 M437 Firmware, Lte3316 M604 Firmware, Lte7480 M804 Firmware, Lte7490 M904 Firmware, Nebula Fwa510 Firmware, Nebula Fwa710 Firmware, Nebula Nr7101 Firmware, Nr5103 Firmware, Nr5103e Firmware, Nr7101 Firmware, Nr7102 Firmware, Nr7103 Firmware, Ep240p Firmware, Pm7320 B0 Firmware, Pmg5317 T20b Firmware, Pmg5617ga Firmware, Pmg5622ga Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.00\(abwf.1\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Lte3202 M437 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.00\(abmp.6\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Lte3316 M604 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.00\(abra.6\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Lte7480 M804 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.00\(abqy.5\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Lte7490 M904 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.15\(acgd.3\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Nebula Fwa510 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.15\(acgc.3\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Nebula Fwa710 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.15\(accc.3\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Nebula Nr7101 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.19\(abyc.3\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Nr5103 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Zyxel Nr5103e | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.00\(abuv.7\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Nr7101 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.00\(abyd.2\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Nr7102 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.00\(accz.1\)c0 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Nr7103 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Zyxel Ep240p | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Zyxel Pm7320 B0 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Zyxel Pmg5317 T20b | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Zyxel Pmg5617ga | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Zyxel Pmg5622ga | All versions |
References (2)
Source: security@zyxel.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.