Lucene search

ZyxelCVE-2022-34747

HistorySep 06, 2022 - 2:15 a.m.

CVE-2022-34747

2022-09-0602:15:07

CWE-134

Zyxel

web.nvd.nist.gov

zyxel

nas326

firmware

format string vulnerability

unauthorized remote code execution

udp packet

cve-2022-34747

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

Affected configurations

Nvd

Node

zyxelnas326_firmwareRange<5.21\(aazf.12\)c0

AND

zyxelnas326Match-

VendorProductVersionCPE
zyxelnas326_firmware*cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*
zyxelnas326-cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zyxel	nas326_firmware	*	cpe:2.3:o:zyxel:nas326_firmware::::::::
zyxel	nas326	-	cpe:2.3:h:zyxel:nas326:-:::::::*

CNA Affected

[
  {
    "product": "Zyxel NAS326 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "< V5.21(AAZF.12)C0"
      }
    ]
  }
]

References

www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

Related for CVE-2022-34747