CVE-2022-43390

Description

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Related CPE's

ozyxellte7480-m804_firmware********

hzyxellte7480-m804-*******

ozyxellte7490-m904_firmware********

hzyxellte7490-m904-*******

ozyxelnebula_nr5101_firmware********

hzyxelnebula_nr5101-*******

ozyxelnebula_nr7101_firmware********

hzyxelnebula_nr7101-*******

ozyxelnr5101_firmware********

hzyxelnr5101-*******

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io