CVE-2022-43392

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 31.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Nr7101 Firmware Zyxel Ex3510-b0 Firmware Zyxel Ex5510-b0 Firmware +8 more

Timeline

PublishedJan 11

Description

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

▶CVEListV5zyxel/nr7101_firmware< V1.15(ACCC.3)C0

▶NVDzyxel/nr7101_firmware< 1.00\(abuv.7\)c0

▶NVDzyxel/nebula_nr7101_firmware< 1.15\(accc.3\)c0

▶NVDzyxel/nr5101_firmware< 1.00\(abvc.6\)c0

▶NVDzyxel/nr7102_firmware< 1.00\(abyd.2\)c0

🔴Vulnerability Details

CVEList

CVE-2022-43392: A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1↗2023-01-11

▶

GHSA

GHSA-9g4h-h3jx-fcjh: A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1↗2023-01-11

▶