CVE-2022-43390
published 2023-01-11CVE-2022-43390: A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | ex3510-b0_firmware | < 5.17\(abup.7\)c0 | 5.17\(abup.7\)c0 |
| zyxel | ex5510-b0_firmware | < 5.17\(abqx.7\)c0 | 5.17\(abqx.7\)c0 |
| zyxel | lte7480-m804_firmware | < 1.00\(abra.6\)c0 | 1.00\(abra.6\)c0 |
| zyxel | lte7490-m904_firmware | < 1.00\(abqy.5\)c0 | 1.00\(abqy.5\)c0 |
| zyxel | nebula_nr5101_firmware | < 1.15\(accg.3\)c0 | 1.15\(accg.3\)c0 |
| zyxel | nebula_nr7101_firmware | < 1.15\(accc.3\)c0 | 1.15\(accc.3\)c0 |
| zyxel | nr5101_firmware | < 1.00\(abvc.6\)c0 | 1.00\(abvc.6\)c0 |
| zyxel | nr7101_firmware | < V1.15(ACCC.3)C0 | V1.15(ACCC.3)C0 |
| zyxel | nr7101_firmware | < 1.00\(abuv.7\)c0 | 1.00\(abuv.7\)c0 |
| zyxel | nr7102_firmware | < 1.00\(abyd.2\)c0 | 1.00\(abyd.2\)c0 |