Zyxel Nr5101 Firmware vulnerabilities

CVE-2022-43390 [MEDIUM] CWE-78 CVE-2022-43390: A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3) A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

CVE-2022-43391 [MEDIUM] CWE-120 CVE-2022-43391: A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior t A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.

CVE-2022-43392 [MEDIUM] CWE-120 CVE-2022-43392: A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1. A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

CVE-2021-35036 [MEDIUM] CWE-312 CVE-2021-35036: A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(AB A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.