Strix
26.1K

CVE-2022-43392

MEDIUMCVSS 6.5/10EPSS 0.62%

Last modified

CVE-2022-43392 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.. EPSS estimates a 0.62% chance of exploitation in the next 30 days.

Description

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.62%

45.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ZyxelLte3301-Plus FirmwareAll versions
ZyxelLte5388-M804 FirmwareAll versions
ZyxelLte5398-M904 FirmwareAll versions
ZyxelLte7240-M403 FirmwareAll versions
ZyxelLte7461-M602 FirmwareAll versions
ZyxelLte7480-M804 Firmware< 1.00\(abra.6\)c0
ZyxelLte7480-S905 FirmwareAll versions
ZyxelLte7485-S905 FirmwareAll versions
ZyxelLte7490-M904 Firmware< 1.00\(abqy.5\)c0
ZyxelNebula Lte3301-Plus Firmware< 1.15\(acca.3\)c0
ZyxelNebula Lte7461-M602 Firmware< 1.15\(acev.3\)c0
ZyxelNebula Nr5101 Firmware< 1.15\(accg.3\)c0
ZyxelNebula Nr7101 Firmware< 1.15\(accc.3\)c0
ZyxelNr5101 Firmware< 1.00\(abvc.6\)c0
ZyxelNr7101 Firmware< 1.00\(abuv.7\)c0
ZyxelNr7102 Firmware< 1.00\(abyd.2\)c0
ZyxelDx3301-T0 FirmwareAll versions
ZyxelDx4510-B1 FirmwareAll versions
ZyxelDx5401-B0 FirmwareAll versions
ZyxelEmg3525-T50b FirmwareAll versions
ZyxelEmg5523-T50b FirmwareAll versions
ZyxelEmg5723-T50k FirmwareAll versions
ZyxelEx3301-T0 FirmwareAll versions
ZyxelEx3510-B0 Firmware< 5.17\(abup.7\)c0
ZyxelEx5401-B0 FirmwareAll versions
ZyxelEx5501-B0 FirmwareAll versions
ZyxelEx5510-B0 Firmware< 5.17\(abqx.7\)c0
ZyxelEx5512-T0 FirmwareAll versions
ZyxelEx5600-T1 FirmwareAll versions
ZyxelEx5601-T0 FirmwareAll versions
ZyxelEx5601-T1 FirmwareAll versions
ZyxelVmg3927-T50k FirmwareAll versions
ZyxelVmg4005-B50a FirmwareAll versions
ZyxelVmg4005-B60a FirmwareAll versions
ZyxelVmg8623-T50b FirmwareAll versions
ZyxelVmg8825-T50k FirmwareAll versions
ZyxelAx7501-B0 FirmwareAll versions
ZyxelPm3100-T0 FirmwareAll versions
ZyxelPm5100-T0 FirmwareAll versions
ZyxelPm7300-T0 FirmwareAll versions
ZyxelPm7320-B0 FirmwareAll versions
ZyxelPmg5317-T20b FirmwareAll versions
ZyxelPmg5617-T20b2 FirmwareAll versions
ZyxelPmg5617ga FirmwareAll versions
ZyxelPmg5622ga FirmwareAll versions
ZyxelWx3100-T0 FirmwareAll versions
ZyxelWx3401-B0 FirmwareAll versions
ZyxelWx5600-T0 FirmwareAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-43392?
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
How severe is CVE-2022-43392?
CVE-2022-43392 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.62% probability of exploitation in the next 30 days.
How do I fix CVE-2022-43392?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-43392?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST