Jan 11, 2023 - 2:15 a.m.

CVE-2022-43390

2023-01-11 02:15:11
CWE-78
web.nvd.nist.gov
cve-2022-43390
zyxel
nr7101
command injection
cgi program
firmware
vulnerability
os commands
http request
nvd

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 47.3%)

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0 could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Affected configurations

NVD
Node: zyxel lte7480-m804_firmware, Range <1.00\(abra.6\)c0 AND zyxel lte7480-m804, Match -
Node: zyxel lte7490-m904_firmware, Range <1.00\(abqy.5\)c0 AND zyxel lte7490-m904, Match -
Node: zyxel nebula_nr5101_firmware, Range <1.15\(accg.3\)c0 AND zyxel nebula_nr5101, Match -
Node: zyxel nebula_nr7101_firmware, Range <1.15\(accc.3\)c0 AND zyxel nebula_nr7101, Match -
Node: zyxel nr5101_firmware, Range <1.00\(abvc.6\)c0 AND zyxel nr5101, Match -
Node: zyxel nr7101_firmware, Range <1.00\(abuv.7\)c0 AND zyxel nr7101, Match -
Node: zyxel nr7102_firmware, Range <1.00\(abyd.2\)c0 AND zyxel nr7102, Match -
Node: zyxel dx3301-t0_firmware, Match - AND zyxel dx3301-t0, Match -
Node: zyxel dx4510-b1_firmware, Match - AND zyxel dx4510-b1, Match -
Node: zyxel dx5401-b0_firmware, Match - AND zyxel dx5401-b0, Match -
Node: zyxel emg3525-t50b_firmware, Match - AND zyxel emg3525-t50b, Match -
Node: zyxel emg5523-t50b_firmware, Match - AND zyxel emg5523-t50b, Match -
Node: zyxel emg5723-t50k_firmware, Match - AND zyxel emg5723-t50k, Match -
Node: zyxel ex3301-t0_firmware, Match - AND zyxel ex3301-t0, Match -
Node: zyxel ex3510-b0_firmware, Range <5.17\(abup.7\)c0 AND zyxel ex3510-b0, Match -
Node: zyxel ex5401-b0_firmware, Match - AND zyxel ex5401-b0, Match -
Node: zyxel ex5501-b0_firmware, Match - AND zyxel ex5501-b0, Match -
Node: zyxel ex5510-b0_firmware, Range <5.17\(abqx.7\)c0 AND zyxel ex5510-b0, Match -
Node: zyxel ex5512-t0_firmware, Match - AND zyxel ex5512-t0, Match -
Node: zyxel ex5600-t1_firmware, Match - AND zyxel ex5600-t1, Match -
Node: zyxel ex5601-t0_firmware, Match - AND zyxel ex5601-t0, Match -
Node: zyxel ex5601-t1_firmware, Match - AND zyxel ex5601-t1, Match -
Node: zyxel vmg3927-t50k_firmware, Match - AND zyxel vmg3927-t50k, Match -
Node: zyxel vmg4005-b50a_firmware, Match - AND zyxel vmg4005-b50a, Match -
Node: zyxel vmg4005-b60a_firmware, Match - AND zyxel vmg4005-b60a, Match -
Node: zyxel vmg8623-t50b_firmware, Match - AND zyxel vmg8623-t50b, Match -
Node: zyxel vmg8825-t50k_firmware, Match - AND zyxel vmg8825-t50k, Match -
Node: zyxel ax7501-b0_firmware, Match - AND zyxel ax7501-b0, Match -
Node: zyxel pm3100-t0_firmware, Match - AND zyxel pm3100-t0, Match -
Node: zyxel pm5100-t0_firmware, Match - AND zyxel pm5100-t0, Match -
Node: zyxel pm7300-t0_firmware, Match - AND zyxel pm7300-t0, Match -
Node: zyxel pm7320-b0_firmware, Match - AND zyxel pm7320-b0, Match -
Node: zyxel pmg5317-t20b_firmware, Match - AND zyxel pmg5317-t20b, Match -
Node: zyxel pmg5617-t20b2_firmware, Match - AND zyxel pmg5617-t20b2, Match -
Node: zyxel pmg5617ga_firmware, Match - AND zyxel pmg5617ga, Match -
Node: zyxel pmg5622ga_firmware, Match - AND zyxel pmg5622ga, Match -
Node: zyxel wx3100-t0_firmware, Match - AND zyxel wx3100-t0, Match -
Node: zyxel wx3401-b0_firmware, Match - AND zyxel wx3401-b0, Match -
Node: zyxel wx5600-t0_firmware, Match - AND zyxel wx5600-t0, Match -

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "NR7101 firmware",
    "versions": [
      {
        "version": "< V1.15(ACCC.3)C0",
        "status": "affected"
      }
    ]
  }
]
