CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
48.5%
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Vendor | Product | Version | CPE |
---|---|---|---|
zyxel | lte7480-m804_firmware | * | cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:* |
zyxel | lte7480-m804 | - | cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:* |
zyxel | lte7490-m904_firmware | * | cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:* |
zyxel | lte7490-m904 | - | cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:* |
zyxel | nebula_nr5101_firmware | * | cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:* |
zyxel | nebula_nr5101 | - | cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:* |
zyxel | nebula_nr7101_firmware | * | cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:* |
zyxel | nebula_nr7101 | - | cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:* |
zyxel | nr5101_firmware | * | cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:* |
zyxel | nr5101 | - | cpe:2.3:h:zyxel:nr5101:-:*:*:*:*:*:*:* |
[
{
"vendor": "Zyxel",
"product": "NR7101 firmware",
"versions": [
{
"version": "< V1.15(ACCC.3)C0",
"status": "affected"
}
]
}
]