Search criteria
21 vulnerabilities found for pmg5317-t20b_firmware by zyxel
FKIE_CVE-2022-43392
Vulnerability from fkie_nvd - Published: 2023-01-11 02:15 - Updated: 2024-11-21 07:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77E3A51F-C92D-4E83-A05E-A26225D4CFDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4814D3A1-C0D4-4573-AD77-C2EE7AC11CB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7440E3-02F9-4416-A571-0008EA8206F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte5388-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E67FFCF7-ECE9-4644-B248-1B6E10AD9398",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52D18788-84EE-4880-B70D-DE385C5C1100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte5398-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F90453B8-19FF-4FF3-A167-E1A70E022201",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7240-m403_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC6FB56-8601-49D2-BD8C-4D373CF5ACD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7240-m403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE2212F-D523-4706-9FD2-FDA760EE4B4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7461-m602_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEE2F4F-8E90-4D2D-BFDE-DD5B23897087",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7461-m602:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A307AD3-4E60-4859-B182-4CD4CB843757",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DFDC741-78E6-42AA-B647-DEE9F04AA2DD",
"versionEndExcluding": "1.00\\(abra.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3480021-1538-48ED-BE89-BB0DF562C7DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7480-s905_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCAE189-6379-40E6-A4FA-1E0431CCCD09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7480-s905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7AF237-04F2-4054-96DE-3FD059CF4B35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7485-s905_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DDDBA4-966E-4143-9A33-A2431383A732",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7485-s905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E09953F0-2415-45F7-811C-E9D1A361284C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB812F29-2FAE-414C-9047-2471148B1E36",
"versionEndExcluding": "1.00\\(abqy.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC75F6DE-DCAF-47A0-B6BB-0E050C68AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD8C47E-C19E-4848-9898-CE0AAF05B0DD",
"versionEndExcluding": "1.15\\(acca.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42297A6A-3E50-4E9E-ABF6-58C77F222DC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_lte7461-m602_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF0A17A-5F34-4CD7-8A67-DA277CF78CFC",
"versionEndExcluding": "1.15\\(acev.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_lte7461-m602:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44AA94AF-24B0-4C91-A990-9418EA5A5DAC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01D0F1E5-B9F0-4B64-8331-D18641EC161F",
"versionEndExcluding": "1.15\\(accg.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F605B8-A892-4119-AB7A-D14CDC5DFC88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA537481-4311-4C5E-B577-76C8A789FDAC",
"versionEndExcluding": "1.15\\(accc.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB8687A-EADF-4B15-8F41-78F1070E0CA3",
"versionEndExcluding": "1.00\\(abvc.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr5101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11197D03-1C93-4D6A-950C-273E46CBBC62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A72A80-DA68-4353-8FEA-D372180F8401",
"versionEndExcluding": "1.00\\(abuv.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C56958A5-2427-4A9A-BD40-3B548437CA36",
"versionEndExcluding": "1.00\\(abyd.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A15757-DE6F-4A72-9CAD-BAC04BD340A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78DE37DB-6F39-48FE-8CE9-626036234C16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDC072-5D40-4130-9B5F-22FDA9BF909A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F40E06-666B-490C-84F7-1A7B49834CC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8668990-045A-4DDD-9089-DE0025B69765",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE285587-D5F3-42E5-ACB6-BDD03A50236C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4917CDD6-B5D9-4674-AE43-B75B60B8289E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90DEAC05-EB3A-451D-9C0F-8D22B8886605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1219D188-2A83-41EC-AC8D-694901E6067C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3301-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1F9ACE-DA82-4449-ADF9-5F8F540B812E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4434EF63-63EA-4A27-A6EF-CEE3000E9F02",
"versionEndExcluding": "5.17\\(abup.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15D01EDB-A41C-4FC1-9C4B-38B69360BE90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87D32815-5026-4A9A-8C8E-C30F154833AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1EC2DCD-97F2-4E13-AE82-468DBF052C4E",
"versionEndExcluding": "5.17\\(abqx.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E82D41CC-2EB3-4892-8383-FB2C9EC64D9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5512-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF2B306-1EBD-4A14-A865-94C50F2F036D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F32FA3FB-CE89-4CC1-9D8D-765B90A122DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5600-t1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C46819-2848-4C0D-B360-F6987E9D3A82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "021CFB91-4627-4080-BF09-0BB5EFA708DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5601-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13E7B377-3CF1-4BF5-A960-75952BC382D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFF2039-5DCC-4850-8BDA-3D418629C226",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5601-t1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D41D53E2-CB40-4715-A2B5-E9E87C1F3AE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D629D4B6-B2F2-45F1-9295-71751570C231",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBF0F8D-90CC-4089-AC9A-665348D27331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD68CC70-242D-4A88-B182-DB68D2086225",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F74228-AC0C-4150-974D-54D77BBF9A90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59AA0D1-9564-48FA-A0AF-C1FC67C0D1EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30C1B91D-3EA0-4A1D-833A-6767A6C84DA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C75B24C-177A-470B-BCDE-39D31B0199F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8901BBA-F2D4-49B8-80CF-4BABB5D2F365",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F890C3-F15D-4154-8E70-1529C7C8D89A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D85D00E0-AA47-48AD-8914-A443482D7D7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm3100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F78F88D4-A782-4075-A3CB-A728CE4014DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E683B32-A1A0-4DA4-81C4-61513E9E585F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm5100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "249AF476-CAA4-4C87-8CC3-E0AF15E61F7E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481013ED-2B6F-4FBB-881A-C0CD038C5FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B9C504-41A4-4756-BDB0-2EE317F801AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7320-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A479CC-D543-49A1-8A37-7E9D4A0F0009",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1141E1B7-B6B8-496B-A2CA-A9076D805741",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA3BD8C-4FBB-45B6-AB00-55F7D5BA3C1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B35005D7-D8E4-4BC5-A59C-6A69255E7EC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FB20C-6740-431A-A0CA-6EC3FDD3C505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F61E8935-26CD-4664-A95C-1BCA77DBC4DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA532797-C2BF-4A37-9A36-92F1115150AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C56248-D12F-46DC-A52F-0607E4A5DCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E011E78-E7E7-4F84-9A7D-A6548AFBE30C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "677C554B-F9C7-4780-97C0-6021146F8B3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED109DF-7C43-4CEC-AC2C-80762B60C776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el par\u00e1metro del servidor web en el firmware Zyxel NR7101 anterior a V1.15(ACCC.3)C0, que podr\u00eda permitir que un atacante autenticado cause condiciones de denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de una solicitud de autorizaci\u00f3n manipulada."
}
],
"id": "CVE-2022-43392",
"lastModified": "2024-11-21T07:26:23.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zyxel.com.tw",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-01-11T02:15:11.327",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-43391
Vulnerability from fkie_nvd - Published: 2023-01-11 02:15 - Updated: 2024-11-21 07:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte3301-plus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77E3A51F-C92D-4E83-A05E-A26225D4CFDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4814D3A1-C0D4-4573-AD77-C2EE7AC11CB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte5388-m804_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7440E3-02F9-4416-A571-0008EA8206F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte5388-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E67FFCF7-ECE9-4644-B248-1B6E10AD9398",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte5398-m904_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52D18788-84EE-4880-B70D-DE385C5C1100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte5398-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F90453B8-19FF-4FF3-A167-E1A70E022201",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7240-m403_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC6FB56-8601-49D2-BD8C-4D373CF5ACD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7240-m403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE2212F-D523-4706-9FD2-FDA760EE4B4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7461-m602_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEE2F4F-8E90-4D2D-BFDE-DD5B23897087",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7461-m602:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A307AD3-4E60-4859-B182-4CD4CB843757",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DFDC741-78E6-42AA-B647-DEE9F04AA2DD",
"versionEndExcluding": "1.00\\(abra.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3480021-1538-48ED-BE89-BB0DF562C7DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7480-s905_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCAE189-6379-40E6-A4FA-1E0431CCCD09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7480-s905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7AF237-04F2-4054-96DE-3FD059CF4B35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7485-s905_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DDDBA4-966E-4143-9A33-A2431383A732",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7485-s905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E09953F0-2415-45F7-811C-E9D1A361284C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB812F29-2FAE-414C-9047-2471148B1E36",
"versionEndExcluding": "1.00\\(abqy.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC75F6DE-DCAF-47A0-B6BB-0E050C68AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD8C47E-C19E-4848-9898-CE0AAF05B0DD",
"versionEndExcluding": "1.15\\(acca.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42297A6A-3E50-4E9E-ABF6-58C77F222DC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_lte7461-m602_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF0A17A-5F34-4CD7-8A67-DA277CF78CFC",
"versionEndExcluding": "1.15\\(acev.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_lte7461-m602:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44AA94AF-24B0-4C91-A990-9418EA5A5DAC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01D0F1E5-B9F0-4B64-8331-D18641EC161F",
"versionEndExcluding": "1.15\\(accg.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F605B8-A892-4119-AB7A-D14CDC5DFC88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA537481-4311-4C5E-B577-76C8A789FDAC",
"versionEndExcluding": "1.15\\(accc.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB8687A-EADF-4B15-8F41-78F1070E0CA3",
"versionEndExcluding": "1.00\\(abvc.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr5101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11197D03-1C93-4D6A-950C-273E46CBBC62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A72A80-DA68-4353-8FEA-D372180F8401",
"versionEndExcluding": "1.00\\(abuv.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C56958A5-2427-4A9A-BD40-3B548437CA36",
"versionEndExcluding": "1.00\\(abyd.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A15757-DE6F-4A72-9CAD-BAC04BD340A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78DE37DB-6F39-48FE-8CE9-626036234C16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDC072-5D40-4130-9B5F-22FDA9BF909A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F40E06-666B-490C-84F7-1A7B49834CC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8668990-045A-4DDD-9089-DE0025B69765",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE285587-D5F3-42E5-ACB6-BDD03A50236C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4917CDD6-B5D9-4674-AE43-B75B60B8289E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90DEAC05-EB3A-451D-9C0F-8D22B8886605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1219D188-2A83-41EC-AC8D-694901E6067C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3301-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1F9ACE-DA82-4449-ADF9-5F8F540B812E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4434EF63-63EA-4A27-A6EF-CEE3000E9F02",
"versionEndExcluding": "5.17\\(abup.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15D01EDB-A41C-4FC1-9C4B-38B69360BE90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87D32815-5026-4A9A-8C8E-C30F154833AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1EC2DCD-97F2-4E13-AE82-468DBF052C4E",
"versionEndExcluding": "5.17\\(abqx.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E82D41CC-2EB3-4892-8383-FB2C9EC64D9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5512-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF2B306-1EBD-4A14-A865-94C50F2F036D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F32FA3FB-CE89-4CC1-9D8D-765B90A122DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5600-t1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C46819-2848-4C0D-B360-F6987E9D3A82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "021CFB91-4627-4080-BF09-0BB5EFA708DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5601-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13E7B377-3CF1-4BF5-A960-75952BC382D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFF2039-5DCC-4850-8BDA-3D418629C226",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5601-t1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D41D53E2-CB40-4715-A2B5-E9E87C1F3AE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D629D4B6-B2F2-45F1-9295-71751570C231",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBF0F8D-90CC-4089-AC9A-665348D27331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD68CC70-242D-4A88-B182-DB68D2086225",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F74228-AC0C-4150-974D-54D77BBF9A90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59AA0D1-9564-48FA-A0AF-C1FC67C0D1EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30C1B91D-3EA0-4A1D-833A-6767A6C84DA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C75B24C-177A-470B-BCDE-39D31B0199F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8901BBA-F2D4-49B8-80CF-4BABB5D2F365",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F890C3-F15D-4154-8E70-1529C7C8D89A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D85D00E0-AA47-48AD-8914-A443482D7D7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm3100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F78F88D4-A782-4075-A3CB-A728CE4014DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E683B32-A1A0-4DA4-81C4-61513E9E585F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm5100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "249AF476-CAA4-4C87-8CC3-E0AF15E61F7E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481013ED-2B6F-4FBB-881A-C0CD038C5FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B9C504-41A4-4756-BDB0-2EE317F801AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7320-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A479CC-D543-49A1-8A37-7E9D4A0F0009",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1141E1B7-B6B8-496B-A2CA-A9076D805741",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA3BD8C-4FBB-45B6-AB00-55F7D5BA3C1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B35005D7-D8E4-4BC5-A59C-6A69255E7EC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FB20C-6740-431A-A0CA-6EC3FDD3C505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F61E8935-26CD-4664-A95C-1BCA77DBC4DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA532797-C2BF-4A37-9A36-92F1115150AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C56248-D12F-46DC-A52F-0607E4A5DCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E011E78-E7E7-4F84-9A7D-A6548AFBE30C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "677C554B-F9C7-4780-97C0-6021146F8B3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED109DF-7C43-4CEC-AC2C-80762B60C776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el par\u00e1metro del programa CGI en el firmware Zyxel NR7101 anterior a V1.15(ACCC.3)C0, que podr\u00eda permitir a un atacante autenticado causar condiciones de denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de una solicitud HTTP manipulada."
}
],
"id": "CVE-2022-43391",
"lastModified": "2024-11-21T07:26:23.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zyxel.com.tw",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-01-11T02:15:11.250",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-43389
Vulnerability from fkie_nvd - Published: 2023-01-11 02:15 - Updated: 2024-11-21 07:26
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte3202-m437_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEED7B93-7998-429A-9B16-49BAE465704F",
"versionEndExcluding": "1.00\\(abwf.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte3202-m437:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFA5A91-B372-464B-9C8E-DFC6552E64EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte3316-m604_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBDC947-18E3-4A46-A7B3-9AB18032254E",
"versionEndExcluding": "2.00\\(abmp.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte3316-m604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "557BE1D0-A562-4176-8E59-562E329DD602",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DFDC741-78E6-42AA-B647-DEE9F04AA2DD",
"versionEndExcluding": "1.00\\(abra.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3480021-1538-48ED-BE89-BB0DF562C7DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB812F29-2FAE-414C-9047-2471148B1E36",
"versionEndExcluding": "1.00\\(abqy.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC75F6DE-DCAF-47A0-B6BB-0E050C68AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_fwa510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D1CEC6-D45B-4B6A-8A58-B099ADF57413",
"versionEndExcluding": "1.15\\(acgd.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_fwa510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80B7099C-DAA5-4902-A62B-B680C9450575",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_fwa710_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7233D1-3202-471C-AEEA-F76E79F78346",
"versionEndExcluding": "1.15\\(acgc.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_fwa710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92221518-C7EA-46D7-8037-A580CEA01093",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA537481-4311-4C5E-B577-76C8A789FDAC",
"versionEndExcluding": "1.15\\(accc.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B98AC59-4E5F-40AC-B6D6-DD669FAFEDCD",
"versionEndExcluding": "4.19\\(abyc.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C821C282-A1E3-4E31-A0C3-96936A4D90CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr5103e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60ABD202-BEB3-4E0D-98CB-30AAA54E5B3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr5103e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C7B929-E318-4E17-8AF9-160C8613132D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A72A80-DA68-4353-8FEA-D372180F8401",
"versionEndExcluding": "1.00\\(abuv.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C56958A5-2427-4A9A-BD40-3B548437CA36",
"versionEndExcluding": "1.00\\(abyd.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A15757-DE6F-4A72-9CAD-BAC04BD340A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD95007-25FD-4EF9-A461-19FBB4468B3D",
"versionEndExcluding": "1.00\\(accz.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77584A2D-D878-46E5-A632-10912DC3B794",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ep240p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB5CB3D-4EBA-4C71-886A-5FF336E9F842",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91367DDE-F430-42F7-B4F2-28AEF7FDCB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B9C504-41A4-4756-BDB0-2EE317F801AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7320-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A479CC-D543-49A1-8A37-7E9D4A0F0009",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1141E1B7-B6B8-496B-A2CA-A9076D805741",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FB20C-6740-431A-A0CA-6EC3FDD3C505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F61E8935-26CD-4664-A95C-1BCA77DBC4DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la librer\u00eda del servidor web en el firmware Zyxel NR7101 anterior a V1.15(ACCC.3)C0, que podr\u00eda permitir que un atacante no autenticado ejecute algunos comandos del sistema operativo o cause condiciones de denegaci\u00f3n de servicio (DoS) en un dispositivo vulnerable."
}
],
"id": "CVE-2022-43389",
"lastModified": "2024-11-21T07:26:22.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-11T02:15:11.073",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-43390
Vulnerability from fkie_nvd - Published: 2023-01-11 02:15 - Updated: 2024-11-21 07:26
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DFDC741-78E6-42AA-B647-DEE9F04AA2DD",
"versionEndExcluding": "1.00\\(abra.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3480021-1538-48ED-BE89-BB0DF562C7DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB812F29-2FAE-414C-9047-2471148B1E36",
"versionEndExcluding": "1.00\\(abqy.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC75F6DE-DCAF-47A0-B6BB-0E050C68AF25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01D0F1E5-B9F0-4B64-8331-D18641EC161F",
"versionEndExcluding": "1.15\\(accg.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F605B8-A892-4119-AB7A-D14CDC5DFC88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA537481-4311-4C5E-B577-76C8A789FDAC",
"versionEndExcluding": "1.15\\(accc.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB8687A-EADF-4B15-8F41-78F1070E0CA3",
"versionEndExcluding": "1.00\\(abvc.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr5101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11197D03-1C93-4D6A-950C-273E46CBBC62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A72A80-DA68-4353-8FEA-D372180F8401",
"versionEndExcluding": "1.00\\(abuv.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C56958A5-2427-4A9A-BD40-3B548437CA36",
"versionEndExcluding": "1.00\\(abyd.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A15757-DE6F-4A72-9CAD-BAC04BD340A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78DE37DB-6F39-48FE-8CE9-626036234C16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDC072-5D40-4130-9B5F-22FDA9BF909A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F40E06-666B-490C-84F7-1A7B49834CC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8668990-045A-4DDD-9089-DE0025B69765",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE285587-D5F3-42E5-ACB6-BDD03A50236C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4917CDD6-B5D9-4674-AE43-B75B60B8289E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90DEAC05-EB3A-451D-9C0F-8D22B8886605",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1219D188-2A83-41EC-AC8D-694901E6067C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3301-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D1F9ACE-DA82-4449-ADF9-5F8F540B812E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4434EF63-63EA-4A27-A6EF-CEE3000E9F02",
"versionEndExcluding": "5.17\\(abup.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15D01EDB-A41C-4FC1-9C4B-38B69360BE90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87D32815-5026-4A9A-8C8E-C30F154833AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1EC2DCD-97F2-4E13-AE82-468DBF052C4E",
"versionEndExcluding": "5.17\\(abqx.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E82D41CC-2EB3-4892-8383-FB2C9EC64D9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5512-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF2B306-1EBD-4A14-A865-94C50F2F036D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F32FA3FB-CE89-4CC1-9D8D-765B90A122DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5600-t1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C46819-2848-4C0D-B360-F6987E9D3A82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "021CFB91-4627-4080-BF09-0BB5EFA708DD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5601-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13E7B377-3CF1-4BF5-A960-75952BC382D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFF2039-5DCC-4850-8BDA-3D418629C226",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5601-t1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D41D53E2-CB40-4715-A2B5-E9E87C1F3AE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D629D4B6-B2F2-45F1-9295-71751570C231",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBF0F8D-90CC-4089-AC9A-665348D27331",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD68CC70-242D-4A88-B182-DB68D2086225",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88F74228-AC0C-4150-974D-54D77BBF9A90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B59AA0D1-9564-48FA-A0AF-C1FC67C0D1EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30C1B91D-3EA0-4A1D-833A-6767A6C84DA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C75B24C-177A-470B-BCDE-39D31B0199F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8901BBA-F2D4-49B8-80CF-4BABB5D2F365",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F890C3-F15D-4154-8E70-1529C7C8D89A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D85D00E0-AA47-48AD-8914-A443482D7D7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm3100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F78F88D4-A782-4075-A3CB-A728CE4014DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E683B32-A1A0-4DA4-81C4-61513E9E585F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm5100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "249AF476-CAA4-4C87-8CC3-E0AF15E61F7E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481013ED-2B6F-4FBB-881A-C0CD038C5FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B9C504-41A4-4756-BDB0-2EE317F801AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7320-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A479CC-D543-49A1-8A37-7E9D4A0F0009",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1141E1B7-B6B8-496B-A2CA-A9076D805741",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA3BD8C-4FBB-45B6-AB00-55F7D5BA3C1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B35005D7-D8E4-4BC5-A59C-6A69255E7EC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366FB20C-6740-431A-A0CA-6EC3FDD3C505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F61E8935-26CD-4664-A95C-1BCA77DBC4DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA532797-C2BF-4A37-9A36-92F1115150AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C56248-D12F-46DC-A52F-0607E4A5DCCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E011E78-E7E7-4F84-9A7D-A6548AFBE30C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "677C554B-F9C7-4780-97C0-6021146F8B3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED109DF-7C43-4CEC-AC2C-80762B60C776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el programa CGI del firmware Zyxel NR7101 anterior a V1.15(ACCC.3)C0, que podr\u00eda permitir a un atacante autenticado ejecutar algunos comandos del sistema operativo en un dispositivo vulnerable enviando una solicitud HTTP manipulada."
}
],
"id": "CVE-2022-43390",
"lastModified": "2024-11-21T07:26:23.043",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-11T02:15:11.170",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26414
Vulnerability from fkie_nvd - Published: 2022-04-11 13:15 - Updated: 2024-11-21 06:53
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3312-t20a_firmware:5.30\\(abfx.5\\)c0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF433563-7AA7-41BF-9ECF-F1E1B9C5C1C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3312-t20a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AF3952-10E9-4AC8-BA25-BA5C3C203063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:america:*:*:*",
"matchCriteriaId": "FE982B82-95DD-40FA-8A7E-F6EB44323692",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:emea:*:*:*",
"matchCriteriaId": "EB52E6B4-08EF-4427-AA01-E783C9F1FCF4",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:america:*:*:*",
"matchCriteriaId": "A48A0914-787A-4884-909E-3332DD472873",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:emea:*:*:*",
"matchCriteriaId": "1B417B43-F5C6-4551-BD4E-7E2706BCF8B9",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAE1EA0-A113-4324-8347-838A01B00437",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D931985-C10C-41C4-B459-FC454DE8C9FA",
"versionEndExcluding": "5.13\\(abnp.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "304D3B33-F7EC-4EB3-B6EF-6BEB2112F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg1312-t20b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5252A997-772F-4785-8440-B7909A9860A8",
"versionEndExcluding": "5.50\\(absb.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg1312-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37348176-08FD-40F0-9903-05ABABBB1F5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "331ACFBC-2467-45CC-82A3-717C93D34D02",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5E8468-D12F-4CBE-AC7E-27D5A928A85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291B5E34-3870-46DD-9A74-2D2FFD1B6E52",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F814684F-D45D-4EF8-A294-A6122B7A760B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D55734D-F4F4-4C97-BC31-7B532DA47EA9",
"versionEndExcluding": "5.13\\(ably.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94BE349D-EC30-4EB7-8B68-EA7223364A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4293E4-AE61-4978-A750-D5FAF442D67B",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99C11501-33FD-4421-909E-E6533EF6F03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8201B9D7-433E-4D79-9115-FA1F25223121",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "543081DE-AEC8-4658-AAE4-63EE1A261645",
"versionEndExcluding": "5.13\\(ably.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EE70D2-51BB-4E45-8995-655C1394C440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A24F15A-1F77-413C-9BD1-CFBE890ACD31",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDACBF89-DCA8-43F0-91BF-8A29E63B33BD",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED88F55C-C687-4413-BEC8-DEB15D6AA2F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B10EC6-E8B2-4619-8F9D-10516569B806",
"versionEndExcluding": "5.17\\(abny.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D66B624-EAAA-4C2D-BBE6-D0A0ED6BD5F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0933D98-49F6-4B0F-9D04-2149BFB7FB7F",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502EBC83-0E8D-4B13-BA0D-040B40C58A1D",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7654E872-36CA-4502-9B91-01741D6E4F46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b60b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B963909-27C2-43A6-9479-EE2F863FC817",
"versionEndExcluding": "5.17\\(abny.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b60b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6368C175-7D1B-4F70-B11F-B8CE7FBE0B82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg3927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81E3153A-08CF-4F02-97EA-B68751EE7791",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg3927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B19AC3-D417-48C7-8C18-F5516794260B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg8825-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E58CAE-3737-406F-9647-B59598A6733A",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg8825-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4861B59F-AB86-4A4D-A04C-6EE68EC4A206",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91B77C-EC30-4C88-AAEB-330B7A3E0470",
"versionEndExcluding": "5.17\\(abyo.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6781DA-4800-47E9-BB67-89ACC0F43D04",
"versionEndExcluding": "5.17\\(abup.4\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B44185-756B-4B9B-A377-DB3191606702",
"versionEndExcluding": "5.17\\(abyo.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291AA836-D0F7-4AD7-8D76-0F1A5B9ECCCF",
"versionEndExcluding": "5.17\\(abry.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF7BC18-210C-4E21-A850-61A8D6B701BE",
"versionEndExcluding": "5.17\\(abpc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ep240p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457C1585-BD6F-4C3A-953D-96194EDD065E",
"versionEndExcluding": "5.40\\(abh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91367DDE-F430-42F7-B4F2-28AEF7FDCB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E0639D-0861-4A10-AFA6-8251AD2217BB",
"versionEndExcluding": "5.42\\(acbc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA4B81-5FE7-43D5-8A96-A1BF0CBA8CC6",
"versionEndExcluding": "5.40\\(abki.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E53F230A-806F-413B-BE4B-2A95645751DF",
"versionEndExcluding": "5.40\\(abna.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFBE0FC-A355-4E32-A606-4130B2581CE1",
"versionEndExcluding": "5.41\\(acbb.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B35005D7-D8E4-4BC5-A59C-6A69255E7EC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09514F76-89EC-4ADF-9400-F14BB917EF97",
"versionEndExcluding": "5.40\\(abnb.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:px7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C655ED2E-A791-40B7-99C5-FF3F874A2A27",
"versionEndExcluding": "5.17\\(abpc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:px7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "076C6AD3-E8A3-4639-805E-20FA866BDFDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service."
},
{
"lang": "es",
"value": "Se ha identificado una potencial vulnerabilidad de desbordamiento de b\u00fafer en algunas funciones internas del firmware de Zyxel VMG3312-T20A versi\u00f3n 5.30(ABFX.5)C0, que podr\u00eda ser aprovechada por un atacante local autenticado para causar una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-26414",
"lastModified": "2024-11-21T06:53:54.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T13:15:07.857",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26413
Vulnerability from fkie_nvd - Published: 2022-04-11 13:15 - Updated: 2024-11-21 06:53
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3312-t20a_firmware:5.30\\(abfx.5\\)c0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF433563-7AA7-41BF-9ECF-F1E1B9C5C1C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3312-t20a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AF3952-10E9-4AC8-BA25-BA5C3C203063",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:america:*:*:*",
"matchCriteriaId": "FE982B82-95DD-40FA-8A7E-F6EB44323692",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:emea:*:*:*",
"matchCriteriaId": "EB52E6B4-08EF-4427-AA01-E783C9F1FCF4",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:america:*:*:*",
"matchCriteriaId": "A48A0914-787A-4884-909E-3332DD472873",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:emea:*:*:*",
"matchCriteriaId": "1B417B43-F5C6-4551-BD4E-7E2706BCF8B9",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAE1EA0-A113-4324-8347-838A01B00437",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D931985-C10C-41C4-B459-FC454DE8C9FA",
"versionEndExcluding": "5.13\\(abnp.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "304D3B33-F7EC-4EB3-B6EF-6BEB2112F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg1312-t20b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5252A997-772F-4785-8440-B7909A9860A8",
"versionEndExcluding": "5.50\\(absb.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg1312-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37348176-08FD-40F0-9903-05ABABBB1F5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "331ACFBC-2467-45CC-82A3-717C93D34D02",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5E8468-D12F-4CBE-AC7E-27D5A928A85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291B5E34-3870-46DD-9A74-2D2FFD1B6E52",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F814684F-D45D-4EF8-A294-A6122B7A760B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D55734D-F4F4-4C97-BC31-7B532DA47EA9",
"versionEndExcluding": "5.13\\(ably.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94BE349D-EC30-4EB7-8B68-EA7223364A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D4293E4-AE61-4978-A750-D5FAF442D67B",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99C11501-33FD-4421-909E-E6533EF6F03A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8201B9D7-433E-4D79-9115-FA1F25223121",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "543081DE-AEC8-4658-AAE4-63EE1A261645",
"versionEndExcluding": "5.13\\(ably.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EE70D2-51BB-4E45-8995-655C1394C440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A24F15A-1F77-413C-9BD1-CFBE890ACD31",
"versionEndExcluding": "5.50\\(abpm.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDACBF89-DCA8-43F0-91BF-8A29E63B33BD",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED88F55C-C687-4413-BEC8-DEB15D6AA2F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B10EC6-E8B2-4619-8F9D-10516569B806",
"versionEndExcluding": "5.17\\(abny.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D66B624-EAAA-4C2D-BBE6-D0A0ED6BD5F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0933D98-49F6-4B0F-9D04-2149BFB7FB7F",
"versionEndExcluding": "5.50\\(abom.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b60a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502EBC83-0E8D-4B13-BA0D-040B40C58A1D",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b60a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7654E872-36CA-4502-9B91-01741D6E4F46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-b60b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B963909-27C2-43A6-9479-EE2F863FC817",
"versionEndExcluding": "5.17\\(abny.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-b60b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6368C175-7D1B-4F70-B11F-B8CE7FBE0B82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg3927-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81E3153A-08CF-4F02-97EA-B68751EE7791",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg3927-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B19AC3-D417-48C7-8C18-F5516794260B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg8825-b50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E58CAE-3737-406F-9647-B59598A6733A",
"versionEndExcluding": "5.17\\(abmt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg8825-b50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4861B59F-AB86-4A4D-A04C-6EE68EC4A206",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91B77C-EC30-4C88-AAEB-330B7A3E0470",
"versionEndExcluding": "5.17\\(abyo.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6781DA-4800-47E9-BB67-89ACC0F43D04",
"versionEndExcluding": "5.17\\(abup.4\\)c1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B44185-756B-4B9B-A377-DB3191606702",
"versionEndExcluding": "5.17\\(abyo.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291AA836-D0F7-4AD7-8D76-0F1A5B9ECCCF",
"versionEndExcluding": "5.17\\(abry.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF7BC18-210C-4E21-A850-61A8D6B701BE",
"versionEndExcluding": "5.17\\(abpc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ep240p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457C1585-BD6F-4C3A-953D-96194EDD065E",
"versionEndExcluding": "5.40\\(abh.0\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91367DDE-F430-42F7-B4F2-28AEF7FDCB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E0639D-0861-4A10-AFA6-8251AD2217BB",
"versionEndExcluding": "5.42\\(acbc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA4B81-5FE7-43D5-8A96-A1BF0CBA8CC6",
"versionEndExcluding": "5.40\\(abki.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E53F230A-806F-413B-BE4B-2A95645751DF",
"versionEndExcluding": "5.40\\(abna.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFBE0FC-A355-4E32-A606-4130B2581CE1",
"versionEndExcluding": "5.41\\(acbb.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B35005D7-D8E4-4BC5-A59C-6A69255E7EC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09514F76-89EC-4ADF-9400-F14BB917EF97",
"versionEndExcluding": "5.40\\(abnb.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:px7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C655ED2E-A791-40B7-99C5-FF3F874A2A27",
"versionEndExcluding": "5.17\\(abpc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:px7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "076C6AD3-E8A3-4639-805E-20FA866BDFDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el programa CGI del firmware de Zyxel VMG3312-T20A versi\u00f3n 5.30(ABFX.5)C0, podr\u00eda permitir a un atacante local autenticado ejecutar comandos arbitrarios del Sistema Operativo en un dispositivo vulnerable por medio de una interfaz LAN"
}
],
"id": "CVE-2022-26413",
"lastModified": "2024-11-21T06:53:54.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T13:15:07.763",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-35036
Vulnerability from fkie_nvd - Published: 2022-03-01 07:15 - Updated: 2024-11-21 06:11
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86A231B7-26ED-4BCC-99CC-ECC327B54B03",
"versionEndExcluding": "5.17\\(abpc.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "788C6B76-4993-4ABD-83D1-DA6B0821026F",
"versionEndExcluding": "5.50\\(abvy.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDC072-5D40-4130-9B5F-22FDA9BF909A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96C7FD75-7675-4EDD-BF3B-0298D092A11B",
"versionEndExcluding": "5.17\\(abyo.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96BDAAFD-9622-4A88-A7D1-F0312F466F1C",
"versionEndExcluding": "5.50\\(abpm.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "144523AD-2BDE-408A-8FA2-EF3D5161158E",
"versionEndExcluding": "5.50\\(abpm.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C08C685F-93D8-4C5D-AE9B-5A1E30985075",
"versionEndExcluding": "5.50\\(abom.8\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ep240p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "462A698C-23E5-4766-BD8A-31271DFDCA6F",
"versionEndExcluding": "5.40\\(abvh.0\\)c0a03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91367DDE-F430-42F7-B4F2-28AEF7FDCB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D064FE76-DE01-42DA-824B-3FE6D3A52A6E",
"versionEndExcluding": "5.17\\(abyo.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48BB8CE5-ED23-43C8-AAFE-E619C0A5266B",
"versionEndExcluding": "5.17\\(abry.3\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte3301-plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6716746F-4642-4BA8-B1FB-38CBE0FEFE65",
"versionEndExcluding": "1.00\\(abqu.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4814D3A1-C0D4-4573-AD77-C2EE7AC11CB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte5388-m804_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE41084-CC13-485C-A24E-E1994D5A0267",
"versionEndExcluding": "1.00\\(abra.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte5388-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E67FFCF7-ECE9-4644-B248-1B6E10AD9398",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte5388-s905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95529AB7-F11A-4C46-9F06-B2E8E4C78054",
"versionEndExcluding": "1.00\\(abvi.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte5388-s905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F91C02-6CEB-44E3-A56F-96B49191E04A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte5398-m904_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A257907C-446C-4A90-B313-947F38E06105",
"versionEndExcluding": "1.00\\(abqv.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte5398-m904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F90453B8-19FF-4FF3-A167-E1A70E022201",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7240-m403_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF40EC3D-F6EB-49CB-9E7C-BA7B6F65656B",
"versionEndExcluding": "2.00\\(abmg.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7240-m403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE2212F-D523-4706-9FD2-FDA760EE4B4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7461-m602_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B67AC137-5B28-41B9-8F81-3DD703D7B962",
"versionEndExcluding": "2.00\\(abqn.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7461-m602:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A307AD3-4E60-4859-B182-4CD4CB843757",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DFDC741-78E6-42AA-B647-DEE9F04AA2DD",
"versionEndExcluding": "1.00\\(abra.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3480021-1538-48ED-BE89-BB0DF562C7DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7480-s905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B911A91C-5252-4CAF-B915-E314833DDFCC",
"versionEndExcluding": "2.00\\(abqt.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7480-s905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7AF237-04F2-4054-96DE-3FD059CF4B35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7485-s905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3FAF3DA-0C8A-4E60-B7C6-4E36D77E9D43",
"versionEndExcluding": "1.00\\(abvn.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7485-s905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E09953F0-2415-45F7-811C-E9D1A361284C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:lte7490-m804_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "094A13AB-92FC-482D-BB1A-DA28B088F29C",
"versionEndExcluding": "v1.00\\(abqy.5\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:lte7490-m804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3380C6EB-4D52-4EB1-802C-778DDBDC7D12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB8687A-EADF-4B15-8F41-78F1070E0CA3",
"versionEndExcluding": "1.00\\(abvc.6\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr5101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11197D03-1C93-4D6A-950C-273E46CBBC62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A72A80-DA68-4353-8FEA-D372180F8401",
"versionEndExcluding": "1.00\\(abuv.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C56958A5-2427-4A9A-BD40-3B548437CA36",
"versionEndExcluding": "1.00\\(abyd.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A15757-DE6F-4A72-9CAD-BAC04BD340A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E0639D-0861-4A10-AFA6-8251AD2217BB",
"versionEndExcluding": "5.42\\(acbc.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA4B81-5FE7-43D5-8A96-A1BF0CBA8CC6",
"versionEndExcluding": "5.40\\(abki.4\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFBE0FC-A355-4E32-A606-4130B2581CE1",
"versionEndExcluding": "5.41\\(acbb.1\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B35005D7-D8E4-4BC5-A59C-6A69255E7EC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E53F230A-806F-413B-BE4B-2A95645751DF",
"versionEndExcluding": "5.40\\(abna.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09514F76-89EC-4ADF-9400-F14BB917EF97",
"versionEndExcluding": "5.40\\(abnb.2\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A689984-D14E-44AD-B86B-D165E3AF945E",
"versionEndExcluding": "5.50\\(abtl.0\\)b2r",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5E8468-D12F-4CBE-AC7E-27D5A928A85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A40BCD8-C6D5-4DD7-92A6-305886662570",
"versionEndExcluding": "5.50\\(abom.8\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32CAA0D0-8385-4333-9D94-A08F81C61FAD",
"versionEndExcluding": "5.50\\(abpm.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7F95B3-A92F-492F-AE07-ABC54A3158AB",
"versionEndExcluding": "5.50\\(abom.8\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:central_america:*:*:*",
"matchCriteriaId": "997AEAFA-6689-40C4-AC5E-97E2935272A0",
"versionEndExcluding": "5.50\\(accr.0\\)b4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5E8468-D12F-4CBE-AC7E-27D5A928A85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:emea:*:*:*",
"matchCriteriaId": "DBA31900-874A-495B-858E-18C8E1CEA3BC",
"versionEndExcluding": "5.50\\(abpm.7\\)c0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5E8468-D12F-4CBE-AC7E-27D5A928A85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de almacenamiento de informaci\u00f3n en texto claro en la versi\u00f3n V5.50(ABTL.0)b2k del firmware de Zyxel VMG3625-T50B podr\u00eda permitir a un atacante autenticado obtener informaci\u00f3n sensible del archivo de configuraci\u00f3n"
}
],
"id": "CVE-2021-35036",
"lastModified": "2024-11-21T06:11:43.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-01T07:15:06.917",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-43390 (GCVE-0-2022-43390)
Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2025-04-08 20:16
VLAI?
Summary
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Severity ?
5.4 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:57.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:15:49.379601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:16:36.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43390",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-08T20:16:36.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43391 (GCVE-0-2022-43391)
Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2024-10-15 17:12
VLAI?
Summary
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:12.473207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:12:34.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:50:37.887Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43391",
"datePublished": "2023-01-11T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-10-15T17:12:34.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43392 (GCVE-0-2022-43392)
Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2024-11-27 17:13
VLAI?
Summary
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-08T21:00:52.401931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T17:13:31.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:51:13.677Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43392",
"datePublished": "2023-01-11T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-11-27T17:13:31.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43389 (GCVE-0-2022-43389)
Vulnerability from cvelistv5 – Published: 2023-01-11 00:00 – Updated: 2025-04-09 13:52
VLAI?
Summary
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Severity ?
8.6 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:52:13.858354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:52:22.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43389",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-09T13:52:22.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26414 (GCVE-0-2022-26414)
Vulnerability from cvelistv5 – Published: 2022-04-11 12:05 – Updated: 2024-08-03 05:03
VLAI?
Summary
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
Severity ?
6 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG3312-T20A firmware |
Affected:
V5.30(ABFX.5)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMG3312-T20A firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.30(ABFX.5)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T12:05:11",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-26414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMG3312-T20A firmware",
"version": {
"version_data": [
{
"version_value": "V5.30(ABFX.5)C0"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.0",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-26414",
"datePublished": "2022-04-11T12:05:11",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26413 (GCVE-0-2022-26413)
Vulnerability from cvelistv5 – Published: 2022-04-11 12:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG3312-T20A firmware |
Affected:
V5.30(ABFX.5)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMG3312-T20A firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.30(ABFX.5)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T12:00:19",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-26413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMG3312-T20A firmware",
"version": {
"version_data": [
{
"version_value": "V5.30(ABFX.5)C0"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.0",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-26413",
"datePublished": "2022-04-11T12:00:19",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35036 (GCVE-0-2021-35036)
Vulnerability from cvelistv5 – Published: 2022-03-01 06:20 – Updated: 2024-08-04 00:33
VLAI?
Summary
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
Severity ?
6.5 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG3625-T50B firmware |
Affected:
V5.50(ABTL.0)b2k
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:49.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMG3625-T50B firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.50(ABTL.0)b2k"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-27T13:19:55",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2021-35036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMG3625-T50B firmware",
"version": {
"version_data": [
{
"version_value": "V5.50(ABTL.0)b2k"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2021-35036",
"datePublished": "2022-03-01T06:20:12",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-08-04T00:33:49.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43390 (GCVE-0-2022-43390)
Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2025-04-08 20:16
VLAI?
Summary
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
Severity ?
5.4 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:57.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:15:49.379601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:16:36.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43390",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-08T20:16:36.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43391 (GCVE-0-2022-43391)
Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2024-10-15 17:12
VLAI?
Summary
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:12.473207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:12:34.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:50:37.887Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43391",
"datePublished": "2023-01-11T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-10-15T17:12:34.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43392 (GCVE-0-2022-43392)
Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2024-11-27 17:13
VLAI?
Summary
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-08T21:00:52.401931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T17:13:31.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\u003c/p\u003e"
}
],
"value": "A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T06:51:13.677Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43392",
"datePublished": "2023-01-11T00:00:00",
"dateReserved": "2022-10-18T00:00:00",
"dateUpdated": "2024-11-27T17:13:31.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43389 (GCVE-0-2022-43389)
Vulnerability from nvd – Published: 2023-01-11 00:00 – Updated: 2025-04-09 13:52
VLAI?
Summary
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Severity ?
8.6 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Affected:
< V1.15(ACCC.3)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:52:13.858354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:52:22.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NR7101 firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c V1.15(ACCC.3)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T00:00:00.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-43389",
"datePublished": "2023-01-11T00:00:00.000Z",
"dateReserved": "2022-10-18T00:00:00.000Z",
"dateUpdated": "2025-04-09T13:52:22.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26414 (GCVE-0-2022-26414)
Vulnerability from nvd – Published: 2022-04-11 12:05 – Updated: 2024-08-03 05:03
VLAI?
Summary
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
Severity ?
6 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG3312-T20A firmware |
Affected:
V5.30(ABFX.5)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMG3312-T20A firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.30(ABFX.5)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T12:05:11",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-26414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMG3312-T20A firmware",
"version": {
"version_data": [
{
"version_value": "V5.30(ABFX.5)C0"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.0",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-26414",
"datePublished": "2022-04-11T12:05:11",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26413 (GCVE-0-2022-26413)
Vulnerability from nvd – Published: 2022-04-11 12:00 – Updated: 2024-08-03 05:03
VLAI?
Summary
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG3312-T20A firmware |
Affected:
V5.30(ABFX.5)C0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMG3312-T20A firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.30(ABFX.5)C0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T12:00:19",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-26413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMG3312-T20A firmware",
"version": {
"version_data": [
{
"version_value": "V5.30(ABFX.5)C0"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.0",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-26413",
"datePublished": "2022-04-11T12:00:19",
"dateReserved": "2022-03-04T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35036 (GCVE-0-2021-35036)
Vulnerability from nvd – Published: 2022-03-01 06:20 – Updated: 2024-08-04 00:33
VLAI?
Summary
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
Severity ?
6.5 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | VMG3625-T50B firmware |
Affected:
V5.50(ABTL.0)b2k
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:49.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMG3625-T50B firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "V5.50(ABTL.0)b2k"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-27T13:19:55",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2021-35036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMG3625-T50B firmware",
"version": {
"version_data": [
{
"version_value": "V5.50(ABTL.0)b2k"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2021-35036",
"datePublished": "2022-03-01T06:20:12",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-08-04T00:33:49.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}