CVE-2022-43389 — HIGH (8.6)

Q: How severe is CVE-2022-43389?

CVE-2022-43389 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-43389?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Lte3202-M437 Firmware, Zyxel Lte3202-M437, Zyxel Lte3316-M604 Firmware, Zyxel Lte3316-M604, Zyxel Lte7480-M804 Firmware.

Vulnerability Description

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zyxel	Lte3202-M437 Firmware	< 1.00\(abwf.1\)c0
Zyxel	Lte3202-M437	-
Zyxel	Lte3316-M604 Firmware	< 2.00\(abmp.6\)c0
Zyxel	Lte3316-M604	-
Zyxel	Lte7480-M804 Firmware	< 1.00\(abra.6\)c0
Zyxel	Lte7480-M804	-
Zyxel	Lte7490-M904 Firmware	< 1.00\(abqy.5\)c0
Zyxel	Lte7490-M904	-
Zyxel	Nebula Fwa510 Firmware	< 1.15\(acgd.3\)c0
Zyxel	Nebula Fwa510	-
Zyxel	Nebula Fwa710 Firmware	< 1.15\(acgc.3\)c0
Zyxel	Nebula Fwa710	-
Zyxel	Nebula Nr7101 Firmware	< 1.15\(accc.3\)c0
Zyxel	Nebula Nr7101	-
Zyxel	Nr5103 Firmware	< 4.19\(abyc.3\)c0
Zyxel	Nr5103	-
Zyxel	Nr5103E Firmware	-
Zyxel	Nr5103E	-
Zyxel	Nr7101 Firmware	< 1.00\(abuv.7\)c0
Zyxel	Nr7101	-

Related Weaknesses (CWE)

CWE-120

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory

FAQ

What is CVE-2022-43389?

CVE-2022-43389 is a vulnerability with a CVSS score of 8.6 (HIGH). A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to caus...

How severe is CVE-2022-43389?

CVE-2022-43389 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-43389?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Lte3202-M437 Firmware, Zyxel Lte3202-M437, Zyxel Lte3316-M604 Firmware, Zyxel Lte3316-M604, Zyxel Lte7480-M804 Firmware.