Vulnerability Details: CVE-2022-43391
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2022-43391
- cpe:2.3:o:zyxel:emg3525-t50b_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:emg5523-t50b_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:emg5723-t50k_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg3927-t50k_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5401-b0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5501-b0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:lte7240-m403_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:lte7461-m602_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:lte7480-s905_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:lte7485-s905_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nebula_lte7461-m602_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex3301-t0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5512-t0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5600-t1_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5601-t0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:ex5601-t1_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-43391
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~32% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-43391
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | 2.8 | 4.2 | Zyxel Corporation | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | Zyxel Corporation | |
CWE ids for CVE-2022-43391
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@zyxel.com.tw (Secondary)
References for CVE-2022-43391
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders
  Zyxel security advisory for command injection and buffer overflow vulnerabilities of CPE, fiber ONTs, and WiFi extenders | Zyxel Networks (Vendor Advisory)