CVE-2022-43389
high-risk
Published 2023-01-11
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0 could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Do I need to act?
EPSS score: 0.91% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 8.6/10 · High · NETWORK / LOW complexity
Affected Products (17)
LTE3202-M437 Firmware
LTE3316-M604 Firmware
LTE7480-M804 Firmware
LTE7490-M904 Firmware
Nebula FWA510 Firmware
Nebula FWA710 Firmware
Nebula NR7101 Firmware
NR5103 Firmware
NR5103E Firmware
NR7101 Firmware
NR7102 Firmware
NR7103 Firmware
EP240P Firmware
PM7320-B0 Firmware
PMG5317-T20B Firmware
PMG5617GA Firmware
PMG5622GA Firmware
51/100 · high-risk
Severity: 29/34 · Critical
Exploitability: 3/34 · Minimal
Exposure: 19/34 · Moderate