Vulnerability Description
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Lte3301-Plus Firmware | - |
| Zyxel | Lte3301-Plus | - |
| Zyxel | Lte5388-M804 Firmware | - |
| Zyxel | Lte5388-M804 | - |
| Zyxel | Lte5398-M904 Firmware | - |
| Zyxel | Lte5398-M904 | - |
| Zyxel | Lte7240-M403 Firmware | - |
| Zyxel | Lte7240-M403 | - |
| Zyxel | Lte7461-M602 Firmware | - |
| Zyxel | Lte7461-M602 | - |
| Zyxel | Lte7480-M804 Firmware | < 1.00\(abra.6\)c0 |
| Zyxel | Lte7480-M804 | - |
| Zyxel | Lte7480-S905 Firmware | - |
| Zyxel | Lte7480-S905 | - |
| Zyxel | Lte7485-S905 Firmware | - |
| Zyxel | Lte7485-S905 | - |
| Zyxel | Lte7490-M904 Firmware | < 1.00\(abqy.5\)c0 |
| Zyxel | Lte7490-M904 | - |
| Zyxel | Nebula Lte3301-Plus Firmware | < 1.15\(acca.3\)c0 |
| Zyxel | Nebula Lte3301-Plus | - |
Related Weaknesses (CWE)
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
FAQ
What is CVE-2022-43391?
CVE-2022-43391 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) cond...
How severe is CVE-2022-43391?
CVE-2022-43391 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43391?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Lte3301-Plus Firmware, Zyxel Lte3301-Plus, Zyxel Lte5388-M804 Firmware, Zyxel Lte5388-M804, Zyxel Lte5398-M904 Firmware.