Strix
26.1K

CVE-2022-43390

HIGHCVSS 8.8/10EPSS 1.08%

Last modified

CVE-2022-43390 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.. EPSS estimates a 1.08% chance of exploitation in the next 30 days.

Description

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.08%

61.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ZyxelLte7480-M804 Firmware< 1.00\(abra.6\)c0
ZyxelLte7490-M904 Firmware< 1.00\(abqy.5\)c0
ZyxelNebula Nr5101 Firmware< 1.15\(accg.3\)c0
ZyxelNebula Nr7101 Firmware< 1.15\(accc.3\)c0
ZyxelNr5101 Firmware< 1.00\(abvc.6\)c0
ZyxelNr7101 Firmware< 1.00\(abuv.7\)c0
ZyxelNr7102 Firmware< 1.00\(abyd.2\)c0
ZyxelDx3301-T0 FirmwareAll versions
ZyxelDx4510-B1 FirmwareAll versions
ZyxelDx5401-B0 FirmwareAll versions
ZyxelEmg3525-T50b FirmwareAll versions
ZyxelEmg5523-T50b FirmwareAll versions
ZyxelEmg5723-T50k FirmwareAll versions
ZyxelEx3301-T0 FirmwareAll versions
ZyxelEx3510-B0 Firmware< 5.17\(abup.7\)c0
ZyxelEx5401-B0 FirmwareAll versions
ZyxelEx5501-B0 FirmwareAll versions
ZyxelEx5510-B0 Firmware< 5.17\(abqx.7\)c0
ZyxelEx5512-T0 FirmwareAll versions
ZyxelEx5600-T1 FirmwareAll versions
ZyxelEx5601-T0 FirmwareAll versions
ZyxelEx5601-T1 FirmwareAll versions
ZyxelVmg3927-T50k FirmwareAll versions
ZyxelVmg4005-B50a FirmwareAll versions
ZyxelVmg4005-B60a FirmwareAll versions
ZyxelVmg8623-T50b FirmwareAll versions
ZyxelVmg8825-T50k FirmwareAll versions
ZyxelAx7501-B0 FirmwareAll versions
ZyxelPm3100-T0 FirmwareAll versions
ZyxelPm5100-T0 FirmwareAll versions
ZyxelPm7300-T0 FirmwareAll versions
ZyxelPm7320-B0 FirmwareAll versions
ZyxelPmg5317-T20b FirmwareAll versions
ZyxelPmg5617-T20b2 FirmwareAll versions
ZyxelPmg5617ga FirmwareAll versions
ZyxelPmg5622ga FirmwareAll versions
ZyxelWx3100-T0 FirmwareAll versions
ZyxelWx3401-B0 FirmwareAll versions
ZyxelWx5600-T0 FirmwareAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-43390?
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
How severe is CVE-2022-43390?
CVE-2022-43390 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.08% probability of exploitation in the next 30 days.
How do I fix CVE-2022-43390?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-43390?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST