CVE-2022-43392

CVSS V2 None CVSS V3 None

Description

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

Overview

CVE ID
CVE-2022-43392

Assigner
security@zyxel.com.tw

Vulnerability Status
Analyzed

Published Version
2023-01-11T02:15:11

Last Modified Date
2023-01-18T23:38:04

Weakness Enumerations

CWE	URL
CWE-120	http://cwe.mitre.org/data/definitions/120.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:zyxel:lte3301-plus_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:lte3301-plus:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:lte5388-m804_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:lte5388-m804:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:lte5398-m904_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:lte5398-m904:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:lte7240-m403_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:lte7240-m403:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:lte7461-m602_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:lte7461-m602:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:lte7480-m804_firmware::::::::	1	OR	1.00\(abra.6\)c0
cpe:2.3:h:zyxel:lte7480-m804:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:lte7480-s905_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:lte7480-s905:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:lte7485-s905_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:lte7485-s905:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:lte7490-m904_firmware::::::::	1	OR	1.00\(abqy.5\)c0
cpe:2.3:h:zyxel:lte7490-m904:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware::::::::	1	OR	1.15\(acca.3\)c0
cpe:2.3:h:zyxel:nebula_lte3301-plus:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:nebula_lte7461-m602_firmware::::::::	1	OR	1.15\(acev.3\)c0
cpe:2.3:h:zyxel:nebula_lte7461-m602:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:nebula_nr5101_firmware::::::::	1	OR	1.15\(accg.3\)c0
cpe:2.3:h:zyxel:nebula_nr5101:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:nebula_nr7101_firmware::::::::	1	OR	1.15\(accc.3\)c0
cpe:2.3:h:zyxel:nebula_nr7101:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:nr5101_firmware::::::::	1	OR	1.00\(abvc.6\)c0
cpe:2.3:h:zyxel:nr5101:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:nr7101_firmware::::::::	1	OR	1.00\(abuv.7\)c0
cpe:2.3:h:zyxel:nr7101:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:nr7102_firmware::::::::	1	OR	1.00\(abyd.2\)c0
cpe:2.3:h:zyxel:nr7102:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:dx3301-t0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:dx3301-t0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:dx4510-b1_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:dx4510-b1:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:dx5401-b0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:dx5401-b0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:emg3525-t50b_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:emg3525-t50b:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:emg5523-t50b_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:emg5523-t50b:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:emg5723-t50k_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:emg5723-t50k:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ex3301-t0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:ex3301-t0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ex3510-b0_firmware::::::::	1	OR	5.17\(abup.7\)c0
cpe:2.3:h:zyxel:ex3510-b0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ex5401-b0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:ex5401-b0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ex5501-b0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:ex5501-b0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ex5510-b0_firmware::::::::	1	OR	5.17\(abqx.7\)c0
cpe:2.3:h:zyxel:ex5510-b0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ex5512-t0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:ex5512-t0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ex5600-t1_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:ex5600-t1:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ex5601-t0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:ex5601-t0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ex5601-t1_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:ex5601-t1:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:vmg3927-t50k_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:vmg3927-t50k:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:vmg4005-b50a:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:vmg4005-b60a:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:vmg8623-t50b:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:vmg8825-t50k:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:ax7501-b0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:ax7501-b0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:pm3100-t0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:pm3100-t0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:pm5100-t0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:pm5100-t0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:pm7300-t0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:pm7300-t0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:pm7320-b0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:pm7320-b0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:pmg5317-t20b:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:pmg5617-t20b2:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:pmg5617ga_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:pmg5617ga:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:pmg5622ga_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:pmg5622ga:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:wx3100-t0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:wx3100-t0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:wx3401-b0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:wx3401-b0:-:::::::*	0	OR
		AND
cpe:2.3:o:zyxel:wx5600-t0_firmware:-:::::::*	1	OR
cpe:2.3:h:zyxel:wx5600-t0:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-43392
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43392

History

Created	Old Value	New Value	Data Type	Notes
2023-01-11 02:17:19				Added to TrackCVE
2023-01-11 02:17:20			Weakness Enumeration	new
2023-01-11 03:18:35		2023-01-11T03:15:09	CVE Modified Date	updated
2023-01-11 03:18:36	A buffer overflow vulnerability in the parameter of web server in Zyxel Nebula NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.	A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.	Description	updated
2023-01-12 05:17:05		2023-01-11T15:09:22	CVE Modified Date	updated
2023-01-12 05:17:05	Received	Awaiting Analysis	Vulnerability Status	updated
2023-01-17 14:14:33	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-19 00:18:20		2023-01-18T23:38:04	CVE Modified Date	updated
2023-01-19 00:18:20	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-19 00:18:25			CPE Information	updated