Lucene search

ZyxelCVELIST:CVE-2022-43390

HistoryJan 11, 2023 - 12:00 a.m.

CVE-2022-43390

2023-01-1100:00:00

CWE-78

Zyxel

www.cve.org

zyxel nr7101

command injection

cgi program

vulnerability

http request

os commands

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "NR7101 firmware",
    "versions": [
      {
        "version": "< V1.15(ACCC.3)C0",
        "status": "affected"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

Related for CVELIST:CVE-2022-43390