CVE-2022-38546Improper Access Control in Zyxel Nbg7510 Firmware

CWE-284Improper Access Control3 documents3 sources
Severity
9.8CRITICALNVD
CNA5.3
EPSS
0.3%
top 47.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zyxel Nbg7510 Firmware
Timeline
PublishedDec 21

Description

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5zyxel/nbg7510_firmware< V1.00(ABZY.3)C0
NVDzyxel/nbg7510_firmware1.00\(abzy.2\)c0

🔴Vulnerability Details

2
GHSA
GHSA-pmr6-wh49-g8wf: A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V12022-12-21
CVEList
CVE-2022-38546: A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V12022-12-21
CVE-2022-38546 — Improper Access Control in Zyxel | cvebase