CVE-2022-43391

CVSS V2 None CVSS V3 None
Description
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
Overview
  • CVE ID
  • CVE-2022-43391
  • Assigner
  • security@zyxel.com.tw
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-11T02:15:11
  • Last Modified Date
  • 2023-01-18T23:38:21
Weakness Enumerations
CWE URL
CWE-120 http://cwe.mitre.org/data/definitions/120.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:lte5388-m804:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:lte5398-m904:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:lte7240-m403_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:lte7240-m403:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:lte7461-m602_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:lte7461-m602:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abra.6\)c0
cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:lte7480-s905_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:lte7480-s905:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:lte7485-s905_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:lte7485-s905:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abqy.5\)c0
cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:* 1 OR 1.15\(acca.3\)c0
cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nebula_lte7461-m602_firmware:*:*:*:*:*:*:*:* 1 OR 1.15\(acev.3\)c0
cpe:2.3:h:zyxel:nebula_lte7461-m602:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:* 1 OR 1.15\(accg.3\)c0
cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:* 1 OR 1.15\(accc.3\)c0
cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abvc.6\)c0
cpe:2.3:h:zyxel:nr5101:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abuv.7\)c0
cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:* 1 OR 1.00\(abyd.2\)c0
cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:emg3525-t50b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:emg5523-t50b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:emg5723-t50k_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex3301-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:* 1 OR 5.17\(abup.7\)c0
cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5401-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5501-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:* 1 OR 5.17\(abqx.7\)c0
cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5512-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5600-t1_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5601-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ex5601-t1_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg3927-t50k_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pm3100-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pm5100-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pm7320-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-43391
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43391
History
Created Old Value New Value Data Type Notes
2023-01-11 02:17:19 Added to TrackCVE
2023-01-11 02:17:19 Weakness Enumeration new
2023-01-12 05:17:05 2023-01-11T15:09:22 CVE Modified Date updated
2023-01-12 05:17:05 Received Awaiting Analysis Vulnerability Status updated
2023-01-17 14:14:33 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-19 00:18:20 2023-01-18T23:38:21 CVE Modified Date updated
2023-01-19 00:18:20 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-19 00:18:25 CPE Information updated