Published: 11/01/2023 Updated: 18/01/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated malicious user to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zyxel lte7480-m804_firmware
zyxel lte7490-m904_firmware
zyxel nebula_nr5101_firmware
zyxel nebula_nr7101_firmware
zyxel nr5101_firmware
zyxel nr7101_firmware
zyxel nr7102_firmware
zyxel dx3301-t0_firmware -
zyxel dx4510-b1_firmware -
zyxel dx5401-b0_firmware -
zyxel emg3525-t50b_firmware -
zyxel emg5523-t50b_firmware -
zyxel emg5723-t50k_firmware -
zyxel ex3301-t0_firmware -
zyxel ex3510-b0_firmware
zyxel ex5401-b0_firmware -
zyxel ex5501-b0_firmware -
zyxel ex5510-b0_firmware
zyxel ex5512-t0_firmware -
zyxel ex5600-t1_firmware -
zyxel ex5601-t0_firmware -
zyxel ex5601-t1_firmware -
zyxel vmg3927-t50k_firmware -
zyxel vmg4005-b50a_firmware -
zyxel vmg4005-b60a_firmware -
zyxel vmg8623-t50b_firmware -
zyxel vmg8825-t50k_firmware -
zyxel ax7501-b0_firmware -
zyxel pm3100-t0_firmware -
zyxel pm5100-t0_firmware -
zyxel pm7300-t0_firmware -
zyxel pm7320-b0_firmware -
zyxel pmg5317-t20b_firmware -
zyxel pmg5617-t20b2_firmware -
zyxel pmg5617ga_firmware -
zyxel pmg5622ga_firmware -
zyxel wx3100-t0_firmware -
zyxel wx3401-b0_firmware -
zyxel wx5600-t0_firmware -

CWE-78 https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders https://nvd.nist.gov

CVE-2022-43390

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect