CVE-2022-43389

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:lte3202-m437_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte3202-m437:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:lte3316-m604_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte3316-m604:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zyxel:nebula_fwa510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nebula_fwa510:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zyxel:nebula_fwa710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nebula_fwa710:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zyxel:nr5103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nr5103:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zyxel:nr5103e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nr5103e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zyxel:nr7103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nr7103:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:zyxel:ep240p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pm7320-b0:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*

Information

Published : 2023-01-10 18:15

Updated : 2023-01-18 13:48

NVD link : CVE-2022-43389

Mitre link : CVE-2022-43389

JSON object : View

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Products Affected

zyxel

nebula_fwa510
nebula_fwa510_firmware
lte7490-m904
lte3202-m437_firmware
lte3316-m604_firmware
lte7480-m804_firmware
nr7102
nr5103_firmware
lte7490-m904_firmware
nebula_fwa710_firmware
nr7101
nr7101_firmware
nr7103
pmg5317-t20b
nebula_nr7101
nr5103e
nr5103
lte3202-m437
nr7102_firmware
lte3316-m604
nr7103_firmware
nebula_fwa710
pm7320-b0_firmware
nr5103e_firmware
nebula_nr7101_firmware
ep240p
pmg5317-t20b_firmware
ep240p_firmware
pmg5622ga
pmg5617ga_firmware
pm7320-b0
pmg5617ga
pmg5622ga_firmware
lte7480-m804

9.8 /10