Description

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Related CPE's

o

zyxel

lte7480-m804_firmware

Vulnerable

h

zyxel

lte7480-m804

-

o

zyxel

lte7490-m904_firmware

Vulnerable

h

zyxel

lte7490-m904

-

o

zyxel

nebula_nr5101_firmware

Vulnerable

h

zyxel

nebula_nr5101

-

o

zyxel

nebula_nr7101_firmware

Vulnerable

h

zyxel

nebula_nr7101

-

o

zyxel

nr5101_firmware

Vulnerable

h

zyxel

nr5101

-

o

zyxel

nr7101_firmware

Vulnerable

h

zyxel

nr7101

-

o

zyxel

nr7102_firmware

Vulnerable

h

zyxel

nr7102

-

o

zyxel

dx3301-t0_firmware

-

Vulnerable

h

zyxel

dx3301-t0

-

o

zyxel

dx4510-b1_firmware

-

Vulnerable

h

zyxel

dx4510-b1

-

o

zyxel

dx5401-b0_firmware

-

Vulnerable

h

zyxel

dx5401-b0

-

o

zyxel

emg3525-t50b_firmware

-

Vulnerable

h

zyxel

emg3525-t50b

-

o

zyxel

emg5523-t50b_firmware

-

Vulnerable

h

zyxel

emg5523-t50b

-

o

zyxel

emg5723-t50k_firmware

-

Vulnerable

h

zyxel

emg5723-t50k

-

o

zyxel

ex3301-t0_firmware

-

Vulnerable

h

zyxel

ex3301-t0

-

o

zyxel

ex3510-b0_firmware

Vulnerable

h

zyxel

ex3510-b0

-

o

zyxel

ex5401-b0_firmware

-

Vulnerable

h

zyxel

ex5401-b0

-

o

zyxel

ex5501-b0_firmware

-

Vulnerable

h

zyxel

ex5501-b0

-

o

zyxel

ex5510-b0_firmware

Vulnerable

h

zyxel

ex5510-b0

-

o

zyxel

ex5512-t0_firmware

-

Vulnerable

h

zyxel

ex5512-t0

-

o

zyxel

ex5600-t1_firmware

-

Vulnerable

h

zyxel

ex5600-t1

-

o

zyxel

ex5601-t0_firmware

-

Vulnerable

h

zyxel

ex5601-t0

-

o

zyxel

ex5601-t1_firmware

-

Vulnerable

h

zyxel

ex5601-t1

-

o

zyxel

vmg3927-t50k_firmware

-

Vulnerable

h

zyxel

vmg3927-t50k

-

o

zyxel

vmg4005-b50a_firmware

-

Vulnerable

h

zyxel

vmg4005-b50a

-

o

zyxel

vmg4005-b60a_firmware

-

Vulnerable

h

zyxel

vmg4005-b60a

-

o

zyxel

vmg8623-t50b_firmware

-

Vulnerable

h

zyxel

vmg8623-t50b

-

o

zyxel

vmg8825-t50k_firmware

-

Vulnerable

h

zyxel

vmg8825-t50k

-

o

zyxel

ax7501-b0_firmware

-

Vulnerable

h

zyxel

ax7501-b0

-

o

zyxel

pm3100-t0_firmware

-

Vulnerable

h

zyxel

pm3100-t0

-

o

zyxel

pm5100-t0_firmware

-

Vulnerable

h

zyxel

pm5100-t0

-

o

zyxel

pm7300-t0_firmware

-

Vulnerable

h

zyxel

pm7300-t0

-

o

zyxel

pm7320-b0_firmware

-

Vulnerable

h

zyxel

pm7320-b0

-

o

zyxel

pmg5317-t20b_firmware

-

Vulnerable

h

zyxel

pmg5317-t20b

-

o

zyxel

pmg5617-t20b2_firmware

-

Vulnerable

h

zyxel

pmg5617-t20b2

-

o

zyxel

pmg5617ga_firmware

-

Vulnerable

h

zyxel

pmg5617ga

-

o

zyxel

pmg5622ga_firmware

-

Vulnerable

h

zyxel

pmg5622ga

-

o

zyxel

wx3100-t0_firmware

-

Vulnerable

h

zyxel

wx3100-t0

-

o

zyxel

wx3401-b0_firmware

-

Vulnerable

h

zyxel

wx3401-b0

-

o

zyxel

wx5600-t0_firmware

-

Vulnerable

h

zyxel

wx5600-t0

-

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-78

[email protected]

Secondary
CWE-78

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-11T02:15:11.170

2 years ago

Last modified

2023-01-18T21:50:59.000

2 years ago