Zyxel Nr7101 Firmware vulnerabilities

9 known vulnerabilities affecting zyxel/nr7101_firmware.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 5

Vulnerabilities

CVE-2025-13942 | CRITICAL | CVSS 9.8 | fixed in 1.00(abuv.12)b2 | 2026-02-24
CVE-2025-13942 [CRITICAL] CWE-78: A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.
Source: nvd
CVE-2024-8748 | HIGH | CVSS 7.5 | fixed in 1.00(abu.11)c0 | 2024-12-03
CVE-2024-8748 [HIGH] CWE-120: A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.
Source: nvd
CVE-2024-0816 | MEDIUM | CVSS 5.5 | v1.00(abu.9)c0 | 2024-05-21
CVE-2024-0816 [MEDIUM] CWE-120: The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device.
Source: nvd
CVE-2023-27989 | MEDIUM | CVSS 6.5 | ≤ 1.00(abuv.7)c0 | fixed in V1.00(ABUV.8)C0 | 2023-06-05
CVE-2023-27989 [MEDIUM] CWE-120: A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
Sources: cvelistv5, nvd
CVE-2022-43389 | CRITICAL | CVSS 9.8 | fixed in 1.00(abuv.7)c0 | fixed in V1.15(ACCC.3)C0 | 2023-01-11
CVE-2022-43389 [HIGH] CWE-120: A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Sources: cvelistv5, nvd
CVE-2022-43390 | HIGH | CVSS 8.8 | fixed in 1.00(abuv.7)c0 | fixed in V1.15(ACCC.3)C0 | 2023-01-11
CVE-2022-43390 [MEDIUM] CWE-78: A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Sources: cvelistv5, nvd
CVE-2022-43392 | MEDIUM | CVSS 6.5 | fixed in 1.00(abuv.7)c0 | fixed in V1.15(ACCC.3)C0 | 2023-01-11
CVE-2022-43392 [MEDIUM] CWE-120: A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
Sources: cvelistv5, nvd
CVE-2022-43391 | MEDIUM | CVSS 6.5 | fixed in 1.00(abuv.7)c0 | fixed in V1.15(ACCC.3)C0 | 2023-01-11
CVE-2022-43391 [MEDIUM] CWE-120: A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
Sources: cvelistv5, nvd
CVE-2021-35036 | MEDIUM | CVSS 6.5 | fixed in 1.00(abuv.7)c0 | 2022-03-01
CVE-2021-35036 [MEDIUM] CWE-312: A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
Source: nvd