CVE-2022-43390

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

2.5%

top 14.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nr7101 Firmware Zyxel Ex3510-b0 Firmware Zyxel Ex5510-b0 Firmware +6 more

Timeline

PublishedJan 11

Description

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages10 packages

▶CVEListV5zyxel/nr7101_firmware< V1.15(ACCC.3)C0

▶NVDzyxel/nr7101_firmware< 1.00\(abuv.7\)c0

▶NVDzyxel/nebula_nr7101_firmware< 1.15\(accc.3\)c0

▶NVDzyxel/nr5101_firmware< 1.00\(abvc.6\)c0

▶NVDzyxel/nr7102_firmware< 1.00\(abyd.2\)c0

🔴Vulnerability Details

CVEList

CVE-2022-43390: A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1↗2023-01-11

▶

GHSA

GHSA-w46r-wg59-pm75: A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1↗2023-01-11

▶