CVE-2022-43389
Last modified
CVE-2022-43389 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. It is a buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. EPSS estimates a 0.61% chance of exploitation in the next 30 days.
Description
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Lte3202-M437 Firmware | < 1.00(abwf.1)c0 |
| Zyxel | Lte3316-M604 Firmware | < 2.00(abmp.6)c0 |
| Zyxel | Lte7480-M804 Firmware | < 1.00(abra.6)c0 |
| Zyxel | Lte7490-M904 Firmware | < 1.00(abqy.5)c0 |
| Zyxel | Nebula Fwa510 Firmware | < 1.15(acgd.3)c0 |
| Zyxel | Nebula Fwa710 Firmware | < 1.15(acgc.3)c0 |
| Zyxel | Nebula Nr7101 Firmware | < 1.15(accc.3)c0 |
| Zyxel | Nr5103 Firmware | < 4.19(abyc.3)c0 |
| Zyxel | Nr5103e Firmware | All versions |
| Zyxel | Nr7101 Firmware | < 1.00(abuv.7)c0 |
| Zyxel | Nr7102 Firmware | < 1.00(abyd.2)c0 |
| Zyxel | Nr7103 Firmware | < 1.00(accz.1)c0 |
| Zyxel | Ep240p Firmware | All versions |
| Zyxel | Pm7320-B0 Firmware | All versions |
| Zyxel | Pmg5317-T20b Firmware | All versions |
| Zyxel | Pmg5617ga Firmware | All versions |
| Zyxel | Pmg5622ga Firmware | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-43389?
How severe is CVE-2022-43389?
How do I fix CVE-2022-43389?
Source: NVD / NIST
