CVE-2022-43393

HIGH | CVSS 8.2/10 | EPSS 0.56%

CVE-2022-43393 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0 could allow an unauthenticated attacker to corrupt the contents of memory and cause a denial-of-service (DoS) condition on a vulnerable device. EPSS estimates a 0.56% chance of exploitation in the next 30 days.

Description

An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0 could allow an unauthenticated attacker to corrupt the contents of memory and cause a denial-of-service (DoS) condition on a vulnerable device.

Metrics

CVSS 3.1: 8.2/10
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS Probability: 0.56% (42.4th percentile)
Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
|--------|---------|----------|
| Zyxel | Gs1350-6hp Firmware | < 4.70(abpi.5)c0 |
| Zyxel | Gs1350-12hp Firmware | < 4.70(abpj.5)c0 |
| Zyxel | Gs1350-18hp Firmware | < 4.70(abpk.5)c0 |
| Zyxel | Gs1350-26hp Firmware | < 4.70(abpl.5)c0 |
| Zyxel | Gs1915-8 Firmware | < 4.70(acap.3)c0 |
| Zyxel | Gs1915-8ep Firmware | < 4.70(acaq.3)c0 |
| Zyxel | Gs1915-24e Firmware | < 4.70(acdr.3)c0 |
| Zyxel | Gs1915-24ep Firmware | < 4.70(acds.3)c0 |
| Zyxel | Gs1920-24v2 Firmware | < 4.70(abmh.8)c0 |
| Zyxel | Gs1920-48v2 Firmware | < 4.70(abmj.8)c0 |
| Zyxel | Gs1920-24hpv2 Firmware | < 4.70(abmi.8)c0 |
| Zyxel | Gs1920-48hpv2 Firmware | < 4.70(abmk.8)c0 |
| Zyxel | Gs2220-10 Firmware | < 4.70(abro.6)c0 |
| Zyxel | Gs2220-28 Firmware | < 4.70(abrq.6)c0 |
| Zyxel | Gs2220-50 Firmware | < 4.70(abrs.6)c0 |
| Zyxel | Gs2220-10hp Firmware | < 4.70(abrp.6)c0 |
| Zyxel | Gs2220-28hp Firmware | < 4.70(abrr.6)c0 |
| Zyxel | Gs2220-50hp Firmware | < 4.70(abrt.6)c0 |
| Zyxel | Xgs1930-28 Firmware | < 4.70(abht.5)c0 |
| Zyxel | Xgs1930-28hp Firmware | < 4.70(abhs.5)c0 |
| Zyxel | Xgs1930-52 Firmware | < 4.70(abhu.5)c0 |
| Zyxel | Xgs1930-52hp Firmware | < 4.70(abhv.5)c0 |
| Zyxel | Xs1930-10 Firmware | < 4.80(abqe.0)c0 |
| Zyxel | Xs1930-12hp Firmware | < 4.80(abqf.0)c0 |
| Zyxel | Xs1930-12f Firmware | < 4.80(abzv.0)c0 |
| Zyxel | Xgs2210-28 Firmware | < 4.70(aazj.2)c0 |
| Zyxel | Xgs2210-52 Firmware | < 4.70(aazk.2)c0 |
| Zyxel | Xgs2210-28hp Firmware | < 4.70(aazl.2)c0 |
| Zyxel | Xgs2210-52hp Firmware | < 4.70(aazm.2)c0 |
| Zyxel | Xgs2220-30 Firmware | < 4.80(abxn.1)c0 |
| Zyxel | Xgs2220-30hp Firmware | < 4.80(abxo.1)c0 |
| Zyxel | Xgs2220-30f Firmware | < 4.80(abye.1)c0 |
| Zyxel | Xgs2220-54 Firmware | < 4.80(abxp.1)c0 |
| Zyxel | Xgs2220-54hp Firmware | < 4.80(abxq.1)c0 |
| Zyxel | Xgs2220-54fp Firmware | < 4.80(acce.1)c0 |
| Zyxel | Xgs4600-32 Firmware | < 4.70(abbh.4)c0 |
| Zyxel | Xgs4600-32f Firmware | < 4.70(abbi.4)c0 |
| Zyxel | Xgs4600-52f Firmware | < 4.70(abik.4)c0 |
| Zyxel | Xmg1930-30 Firmware | < 4.80(acar.0) |
| Zyxel | Xmg1930-30hp Firmware | < 4.80(acas.0) |
| Zyxel | Xs3800-28 Firmware | <= 4.80(abml.1)c0 |
| Zyxel | Mgs3500-24s Firmware | < 4.10(abbr.2)c0 |
| Zyxel | Mgs3520-28 Firmware | < 4.10(aatn.5)c0 |
| Zyxel | Mgs3520-28 Firmware | 4.10(abqm.1)c0 |
| Zyxel | Mgs3520-28f Firmware | < 4.10(aatm.4)c0 |
| Zyxel | Mgs3530-28 Firmware | < 4.10(acem.2)c0 |
| Zyxel | Mgs3530-28 Firmware | 4.10(acfj.0)c0 |

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2022-43393?
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0 could allow an unauthenticated attacker to corrupt the contents of memory and cause a denial-of-service (DoS) condition on a vulnerable device.
How severe is CVE-2022-43393?
CVE-2022-43393 has a CVSS score of 8.2/10 (HIGH severity). The EPSS model estimates a 0.56% probability of exploitation in the next 30 days.
How do I fix CVE-2022-43393?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST