Lucene search

ZyxelCVELIST:CVE-2022-43390

HistoryJan 11, 2023 - 12:00 a.m.

CVE-2022-43390

2023-01-1100:00:00

CWE-78

Zyxel

www.cve.org

zyxel nr7101

command injection

cgi program

vulnerability

http request

os commands

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.2%

JSON

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "NR7101 firmware",
    "versions": [
      {
        "version": "< V1.15(ACCC.3)C0",
        "status": "affected"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.2%

JSON

Related for CVELIST:CVE-2022-43390