CVE-2022-43389

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.9%

top 24.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nr7101 Firmware Zyxel Lte3202-m437 Firmware Zyxel Lte3316-m604 Firmware +8 more

Timeline

PublishedJan 11

Description

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 3.9 | Impact: 4.7

Affected Packages12 packages

▶CVEListV5zyxel/nr7101_firmware< V1.15(ACCC.3)C0

▶NVDzyxel/nr7101_firmware< 1.00\(abuv.7\)c0

▶NVDzyxel/nebula_nr7101_firmware< 1.15\(accc.3\)c0

▶NVDzyxel/nr5103_firmware< 4.19\(abyc.3\)c0

▶NVDzyxel/nr7102_firmware< 1.00\(abyd.2\)c0

🔴Vulnerability Details

CVEList

CVE-2022-43389: A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1↗2023-01-11

▶

GHSA

GHSA-356g-gwg5-3vmc: A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1↗2023-01-11

▶