CVE-2022-43390

CVSS V2 None CVSS V3 None
Description
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Overview
  • CVE ID
  • CVE-2022-43390
  • Assigner
  • security@zyxel.com.tw
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-11T02:15:11
  • Last Modified Date
  • 2023-01-18T21:50:59
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abra.6\)c0
cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abqy.5\)c0
cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:* 1 OR 1.15\(accg.3\)c0
cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:* 1 OR 1.15\(accc.3\)c0
cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abvc.6\)c0
cpe:2.3:h:zyxel:nr5101:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abuv.7\)c0
cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abyd.2\)c0
cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:emg3525-t50b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:emg5523-t50b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:emg5723-t50k_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex3301-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:* 1 OR 5.17\(abup.7\)c0
cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5401-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5501-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:* 1 OR 5.17\(abqx.7\)c0
cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5512-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5600-t1_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5601-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5601-t1_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg3927-t50k_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pm3100-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pm5100-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pm7320-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:* 0 OR
History
Created Old Value New Value Data Type Notes
2023-01-11 02:17:19 Added to TrackCVE
2023-01-11 02:17:19 Weakness Enumeration new
2023-01-11 03:18:35 2023-01-11T03:15:09 CVE Modified Date updated
2023-01-11 03:18:35 A command injection vulnerability in the CGI program of Zyxel Nebula NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request. A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request. Description updated
2023-01-12 05:17:05 2023-01-11T15:09:22 CVE Modified Date updated
2023-01-12 05:17:05 Received Awaiting Analysis Vulnerability Status updated
2023-01-17 14:14:33 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-18 22:14:31 2023-01-18T21:50:59 CVE Modified Date updated
2023-01-18 22:14:31 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-18 22:14:35 CPE Information updated