CVE-2022-43391

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

6.5MEDIUM

EPSS

1.4%

top 19.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nr7101 Firmware Zyxel Ex3510-b0 Firmware Zyxel Ex5510-b0 Firmware +8 more

Timeline

PublishedJan 11

Description

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

▶CVEListV5zyxel/nr7101_firmware< V1.15(ACCC.3)C0

▶NVDzyxel/nr7101_firmware< 1.00\(abuv.7\)c0

▶NVDzyxel/nebula_nr7101_firmware< 1.15\(accc.3\)c0

▶NVDzyxel/nr5101_firmware< 1.00\(abvc.6\)c0

▶NVDzyxel/nr7102_firmware< 1.00\(abyd.2\)c0

🔴Vulnerability Details

CVEList

CVE-2022-43391: A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1↗2023-01-11

▶

GHSA

GHSA-6fjf-x8wx-cw7h: A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1↗2023-01-11

▶