Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43389

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Published

2023-01-11T02:15:11.073

Last Modified

2024-11-21T07:26:22.850

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

Weaknesses

Type: Secondary
CWE-120
Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zyxel	lte3202-m437_firmware	< 1.00\(abwf.1\)c0	Yes
Hardware	zyxel	lte3202-m437	-	No
Operating System	zyxel	lte3316-m604_firmware	< 2.00\(abmp.6\)c0	Yes
Hardware	zyxel	lte3316-m604	-	No
Operating System	zyxel	lte7480-m804_firmware	< 1.00\(abra.6\)c0	Yes
Hardware	zyxel	lte7480-m804	-	No
Operating System	zyxel	lte7490-m904_firmware	< 1.00\(abqy.5\)c0	Yes
Hardware	zyxel	lte7490-m904	-	No
Operating System	zyxel	nebula_fwa510_firmware	< 1.15\(acgd.3\)c0	Yes
Hardware	zyxel	nebula_fwa510	-	No
Operating System	zyxel	nebula_fwa710_firmware	< 1.15\(acgc.3\)c0	Yes
Hardware	zyxel	nebula_fwa710	-	No
Operating System	zyxel	nebula_nr7101_firmware	< 1.15\(accc.3\)c0	Yes
Hardware	zyxel	nebula_nr7101	-	No
Operating System	zyxel	nr5103_firmware	< 4.19\(abyc.3\)c0	Yes
Hardware	zyxel	nr5103	-	No
Operating System	zyxel	nr5103e_firmware	-	Yes
Hardware	zyxel	nr5103e	-	No
Operating System	zyxel	nr7101_firmware	< 1.00\(abuv.7\)c0	Yes
Hardware	zyxel	nr7101	-	No
Operating System	zyxel	nr7102_firmware	< 1.00\(abyd.2\)c0	Yes
Hardware	zyxel	nr7102	-	No
Operating System	zyxel	nr7103_firmware	< 1.00\(accz.1\)c0	Yes
Hardware	zyxel	nr7103	-	No
Operating System	zyxel	ep240p_firmware	-	Yes
Hardware	zyxel	ep240p	-	No
Operating System	zyxel	pm7320-b0_firmware	-	Yes
Hardware	zyxel	pm7320-b0	-	No
Operating System	zyxel	pmg5317-t20b_firmware	-	Yes
Hardware	zyxel	pmg5317-t20b	-	No
Operating System	zyxel	pmg5617ga_firmware	-	Yes
Hardware	zyxel	pmg5617ga	-	No
Operating System	zyxel	pmg5622ga_firmware	-	Yes
Hardware	zyxel	pmg5622ga	-	No

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders Vendor Advisory ([email protected])
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)