Lucene search

ZyxelCVELIST:CVE-2022-34747

HistorySep 06, 2022 - 1:20 a.m.

CVE-2022-34747

2022-09-0601:20:10

CWE-134

Zyxel

www.cve.org

zyxel nas326

format string vulnerability

unauthorized remote code execution

udp packet

cve-2022-34747

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

CNA Affected

[
  {
    "product": "Zyxel NAS326 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "< V5.21(AAZF.12)C0"
      }
    ]
  }
]

References

www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

Related for CVELIST:CVE-2022-34747