Vulnerability Description
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Lte7480-M804 Firmware | < 1.00\(abra.6\)c0 |
| Zyxel | Lte7480-M804 | - |
| Zyxel | Lte7490-M904 Firmware | < 1.00\(abqy.5\)c0 |
| Zyxel | Lte7490-M904 | - |
| Zyxel | Nebula Nr5101 Firmware | < 1.15\(accg.3\)c0 |
| Zyxel | Nebula Nr5101 | - |
| Zyxel | Nebula Nr7101 Firmware | < 1.15\(accc.3\)c0 |
| Zyxel | Nebula Nr7101 | - |
| Zyxel | Nr5101 Firmware | < 1.00\(abvc.6\)c0 |
| Zyxel | Nr5101 | - |
| Zyxel | Nr7101 Firmware | < 1.00\(abuv.7\)c0 |
| Zyxel | Nr7101 | - |
| Zyxel | Nr7102 Firmware | < 1.00\(abyd.2\)c0 |
| Zyxel | Nr7102 | - |
| Zyxel | Dx3301-T0 Firmware | - |
| Zyxel | Dx3301-T0 | - |
| Zyxel | Dx4510-B1 Firmware | - |
| Zyxel | Dx4510-B1 | - |
| Zyxel | Dx5401-B0 Firmware | - |
| Zyxel | Dx5401-B0 | - |
Related Weaknesses (CWE)
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
FAQ
What is CVE-2022-43390?
CVE-2022-43390 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device b...
How severe is CVE-2022-43390?
CVE-2022-43390 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43390?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Lte7480-M804 Firmware, Zyxel Lte7480-M804, Zyxel Lte7490-M904 Firmware, Zyxel Lte7490-M904, Zyxel Nebula Nr5101 Firmware.