Lucene search

[email protected]CVE-2022-43392

HistoryJan 11, 2023 - 2:15 a.m.

CVE-2022-43392

2023-01-1102:15:11

CWE-120

[email protected]

web.nvd.nist.gov

security

vulnerability

buffer overflow

zyxel nr7101

cve-2022-43392

denial-of-service

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

JSON

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

Affected configurations

NVD

Node

zyxellte3301-plus_firmwareMatch-

AND

zyxellte3301-plusMatch-

Node

zyxellte5388-m804_firmwareMatch-

AND

zyxellte5388-m804Match-

Node

zyxellte5398-m904_firmwareMatch-

AND

zyxellte5398-m904Match-

Node

zyxellte7240-m403_firmwareMatch-

AND

zyxellte7240-m403Match-

Node

zyxellte7461-m602_firmwareMatch-

AND

zyxellte7461-m602Match-

Node

zyxellte7480-m804_firmwareRange<1.00\(abra.6\)c0

AND

zyxellte7480-m804Match-

Node

zyxellte7480-s905_firmwareMatch-

AND

zyxellte7480-s905Match-

Node

zyxellte7485-s905_firmwareMatch-

AND

zyxellte7485-s905Match-

Node

zyxellte7490-m904_firmwareRange<1.00\(abqy.5\)c0

AND

zyxellte7490-m904Match-

Node

zyxelnebula_lte3301-plus_firmwareRange<1.15\(acca.3\)c0

AND

zyxelnebula_lte3301-plusMatch-

Node

zyxelnebula_lte7461-m602_firmwareRange<1.15\(acev.3\)c0

AND

zyxelnebula_lte7461-m602Match-

Node

zyxelnebula_nr5101_firmwareRange<1.15\(accg.3\)c0

AND

zyxelnebula_nr5101Match-

Node

zyxelnebula_nr7101_firmwareRange<1.15\(accc.3\)c0

AND

zyxelnebula_nr7101Match-

Node

zyxelnr5101_firmwareRange<1.00\(abvc.6\)c0

AND

zyxelnr5101Match-

Node

zyxelnr7101_firmwareRange<1.00\(abuv.7\)c0

AND

zyxelnr7101Match-

Node

zyxelnr7102_firmwareRange<1.00\(abyd.2\)c0

AND

zyxelnr7102Match-

Node

zyxeldx3301-t0_firmwareMatch-

AND

zyxeldx3301-t0Match-

Node

zyxeldx4510-b1_firmwareMatch-

AND

zyxeldx4510-b1Match-

Node

zyxeldx5401-b0_firmwareMatch-

AND

zyxeldx5401-b0Match-

Node

zyxelemg3525-t50b_firmwareMatch-

AND

zyxelemg3525-t50bMatch-

Node

zyxelemg5523-t50b_firmwareMatch-

AND

zyxelemg5523-t50bMatch-

Node

zyxelemg5723-t50k_firmwareMatch-

AND

zyxelemg5723-t50kMatch-

Node

zyxelex3301-t0_firmwareMatch-

AND

zyxelex3301-t0Match-

Node

zyxelex3510-b0_firmwareRange<5.17\(abup.7\)c0

AND

zyxelex3510-b0Match-

Node

zyxelex5401-b0_firmwareMatch-

AND

zyxelex5401-b0Match-

Node

zyxelex5501-b0_firmwareMatch-

AND

zyxelex5501-b0Match-

Node

zyxelex5510-b0_firmwareRange<5.17\(abqx.7\)c0

AND

zyxelex5510-b0Match-

Node

zyxelex5512-t0_firmwareMatch-

AND

zyxelex5512-t0Match-

Node

zyxelex5600-t1_firmwareMatch-

AND

zyxelex5600-t1Match-

Node

zyxelex5601-t0_firmwareMatch-

AND

zyxelex5601-t0Match-

Node

zyxelex5601-t1_firmwareMatch-

AND

zyxelex5601-t1Match-

Node

zyxelvmg3927-t50k_firmwareMatch-

AND

zyxelvmg3927-t50kMatch-

Node

zyxelvmg4005-b50a_firmwareMatch-

AND

zyxelvmg4005-b50aMatch-

Node

zyxelvmg4005-b60a_firmwareMatch-

AND

zyxelvmg4005-b60aMatch-

Node

zyxelvmg8623-t50b_firmwareMatch-

AND

zyxelvmg8623-t50bMatch-

Node

zyxelvmg8825-t50k_firmwareMatch-

AND

zyxelvmg8825-t50kMatch-

Node

zyxelax7501-b0_firmwareMatch-

AND

zyxelax7501-b0Match-

Node

zyxelpm3100-t0_firmwareMatch-

AND

zyxelpm3100-t0Match-

Node

zyxelpm5100-t0_firmwareMatch-

AND

zyxelpm5100-t0Match-

Node

zyxelpm7300-t0_firmwareMatch-

AND

zyxelpm7300-t0Match-

Node

zyxelpm7320-b0_firmwareMatch-

AND

zyxelpm7320-b0Match-

Node

zyxelpmg5317-t20b_firmwareMatch-

AND

zyxelpmg5317-t20bMatch-

Node

zyxelpmg5617-t20b2_firmwareMatch-

AND

zyxelpmg5617-t20b2Match-

Node

zyxelpmg5617ga_firmwareMatch-

AND

zyxelpmg5617gaMatch-

Node

zyxelpmg5622ga_firmwareMatch-

AND

zyxelpmg5622gaMatch-

Node

zyxelwx3100-t0_firmwareMatch-

AND

zyxelwx3100-t0Match-

Node

zyxelwx3401-b0_firmwareMatch-

AND

zyxelwx3401-b0Match-

Node

zyxelwx5600-t0_firmwareMatch-

AND

zyxelwx5600-t0Match-

CPENameOperatorVersion
zyxel:lte3301-plus_firmwarezyxel lte3301-plus firmwareeq-

CPE	Name	Operator	Version
zyxel:lte3301-plus_firmware	zyxel lte3301-plus firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NR7101 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "< V1.15(ACCC.3)C0"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

JSON

Related for CVE-2022-43392

cvelist1 nvd1 prion1