Vulnerability Details CVE-2022-43390
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.3%
CVSS Severity
CVSS v3 Score 5.4
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders
Products affected by CVE-2022-43390
-
cpe:2.3:h:zyxel:ax7501-b0:-
-
cpe:2.3:h:zyxel:dx3301-t0:-
-
cpe:2.3:h:zyxel:dx4510-b1:-
-
cpe:2.3:h:zyxel:dx5401-b0:-
-
cpe:2.3:h:zyxel:emg3525-t50b:-
-
cpe:2.3:h:zyxel:emg5523-t50b:-
-
cpe:2.3:h:zyxel:emg5723-t50k:-
-
cpe:2.3:h:zyxel:ex3301-t0:-
-
cpe:2.3:h:zyxel:ex3510-b0:-
-
cpe:2.3:h:zyxel:ex5401-b0:-
-
cpe:2.3:h:zyxel:ex5501-b0:-
-
cpe:2.3:h:zyxel:ex5510-b0:-
-
cpe:2.3:h:zyxel:ex5512-t0:-
-
cpe:2.3:h:zyxel:ex5600-t1:-
-
cpe:2.3:h:zyxel:ex5601-t0:-
-
cpe:2.3:h:zyxel:ex5601-t1:-
-
cpe:2.3:h:zyxel:lte7480-m804:-
-
cpe:2.3:h:zyxel:lte7490-m904:-
-
cpe:2.3:h:zyxel:nebula_nr5101:-
-
cpe:2.3:h:zyxel:nebula_nr7101:-
-
cpe:2.3:h:zyxel:nr5101:-
-
cpe:2.3:h:zyxel:nr7101:-
-
cpe:2.3:h:zyxel:nr7102:-
-
cpe:2.3:h:zyxel:pm3100-t0:-
-
cpe:2.3:h:zyxel:pm5100-t0:-
-
cpe:2.3:h:zyxel:pm7300-t0:-
-
cpe:2.3:h:zyxel:pm7320-b0:-
-
cpe:2.3:h:zyxel:pmg5317-t20b:-
-
cpe:2.3:h:zyxel:pmg5617-t20b2:-
-
cpe:2.3:h:zyxel:pmg5617ga:-
-
cpe:2.3:h:zyxel:pmg5622ga:-
-
cpe:2.3:h:zyxel:vmg3927-t50k:-
-
cpe:2.3:h:zyxel:vmg4005-b50a:-
-
cpe:2.3:h:zyxel:vmg4005-b60a:-
-
cpe:2.3:h:zyxel:vmg8623-t50b:-
-
cpe:2.3:h:zyxel:vmg8825-t50k:-
-
cpe:2.3:h:zyxel:wx3100-t0:-
-
cpe:2.3:h:zyxel:wx3401-b0:-
-
cpe:2.3:h:zyxel:wx5600-t0:-
-
cpe:2.3:o:zyxel:ax7501-b0_firmware:-
-
cpe:2.3:o:zyxel:dx3301-t0_firmware:-
-
cpe:2.3:o:zyxel:dx4510-b1_firmware:-
-
cpe:2.3:o:zyxel:dx5401-b0_firmware:-
-
cpe:2.3:o:zyxel:emg3525-t50b_firmware:-
-
cpe:2.3:o:zyxel:emg5523-t50b_firmware:-
-
cpe:2.3:o:zyxel:emg5723-t50k_firmware:-
-
cpe:2.3:o:zyxel:ex3301-t0_firmware:-
-
cpe:2.3:o:zyxel:ex3510-b0_firmware:-
-
cpe:2.3:o:zyxel:ex3510-b0_firmware:5.17(abup.4)c1
-
cpe:2.3:o:zyxel:ex5401-b0_firmware:-
-
cpe:2.3:o:zyxel:ex5501-b0_firmware:-
-
cpe:2.3:o:zyxel:ex5510-b0_firmware:*
-
cpe:2.3:o:zyxel:ex5512-t0_firmware:-
-
cpe:2.3:o:zyxel:ex5600-t1_firmware:-
-
cpe:2.3:o:zyxel:ex5601-t0_firmware:-
-
cpe:2.3:o:zyxel:ex5601-t1_firmware:-
-
cpe:2.3:o:zyxel:lte7480-m804_firmware:*
-
cpe:2.3:o:zyxel:lte7490-m904_firmware:*
-
cpe:2.3:o:zyxel:nebula_nr5101_firmware:*
-
cpe:2.3:o:zyxel:nebula_nr7101_firmware:*
-
cpe:2.3:o:zyxel:nr5101_firmware:*
-
cpe:2.3:o:zyxel:nr7101_firmware:1.00(abu.11)c0
-
cpe:2.3:o:zyxel:nr7101_firmware:1.00(abu.9)c0
-
cpe:2.3:o:zyxel:nr7102_firmware:*
-
cpe:2.3:o:zyxel:pm3100-t0_firmware:-
-
cpe:2.3:o:zyxel:pm5100-t0_firmware:-
-
cpe:2.3:o:zyxel:pm7300-t0_firmware:-
-
cpe:2.3:o:zyxel:pm7320-b0_firmware:-
-
cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-
-
cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:-
-
cpe:2.3:o:zyxel:pmg5617ga_firmware:-
-
cpe:2.3:o:zyxel:pmg5622ga_firmware:-
-
cpe:2.3:o:zyxel:vmg3927-t50k_firmware:-
-
cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-
-
cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-
-
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-
-
cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-
-
cpe:2.3:o:zyxel:wx3100-t0_firmware:-
-
cpe:2.3:o:zyxel:wx3401-b0_firmware:-
-
cpe:2.3:o:zyxel:wx5600-t0_firmware:-