Lucene search

ZyxelCVELIST:CVE-2022-43393

HistoryJan 11, 2023 - 12:00 a.m.

CVE-2022-43393

2023-01-1100:00:00

CWE-754

Zyxel

www.cve.org

zyxel gs1920-24v2

http request

denial-of-service

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "GS1920-24v2 firmware",
    "versions": [
      {
        "version": "< V4.70(ABMH.8)C0",
        "status": "affected"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-switches

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

Related for CVELIST:CVE-2022-43393