{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43390", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "dateUpdated": "2025-04-08T20:16:36.803Z", "dateReserved": "2022-10-18T00:00:00.000Z", "datePublished": "2023-01-11T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2023-01-11T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request."}], "affected": [{"vendor": "Zyxel", "product": "NR7101 firmware", "versions": [{"version": "< V1.15(ACCC.3)C0", "status": "affected"}]}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "cweId": "CWE-78"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:57.394Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T20:15:49.379601Z", "id": "CVE-2022-43390", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T20:16:36.803Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:57.394Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43390", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-08T20:15:49.379601Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T20:16:29.785Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Zyxel", "product": "NR7101 firmware", "versions": [{"status": "affected", "version": "< V1.15(ACCC.3)C0"}]}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2023-01-11T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-43390", "state": "PUBLISHED", "dateUpdated": "2025-04-08T20:16:36.803Z", "dateReserved": "2022-10-18T00:00:00.000Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2023-01-11T00:00:00.000Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DFDC741-78E6-42AA-B647-DEE9F04AA2DD", "versionEndExcluding": "1.00\\(abra.6\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3480021-1538-48ED-BE89-BB0DF562C7DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB812F29-2FAE-414C-9047-2471148B1E36", "versionEndExcluding": "1.00\\(abqy.5\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC75F6DE-DCAF-47A0-B6BB-0E050C68AF25", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "01D0F1E5-B9F0-4B64-8331-D18641EC161F", "versionEndExcluding": "1.15\\(accg.3\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9F605B8-A892-4119-AB7A-D14CDC5DFC88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA537481-4311-4C5E-B577-76C8A789FDAC", "versionEndExcluding": "1.15\\(accc.3\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*", "matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nr5101_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EB8687A-EADF-4B15-8F41-78F1070E0CA3", "versionEndExcluding": "1.00\\(abvc.6\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nr5101:-:*:*:*:*:*:*:*", "matchCriteriaId": "11197D03-1C93-4D6A-950C-273E46CBBC62", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "63A72A80-DA68-4353-8FEA-D372180F8401", "versionEndExcluding": "1.00\\(abuv.7\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C56958A5-2427-4A9A-BD40-3B548437CA36", "versionEndExcluding": "1.00\\(abyd.2\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1A15757-DE6F-4A72-9CAD-BAC04BD340A0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:dx3301-t0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "78DE37DB-6F39-48FE-8CE9-626036234C16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBDC072-5D40-4130-9B5F-22FDA9BF909A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:dx4510-b1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F40E06-666B-490C-84F7-1A7B49834CC1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8668990-045A-4DDD-9089-DE0025B69765", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE285587-D5F3-42E5-ACB6-BDD03A50236C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:emg3525-t50b_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4917CDD6-B5D9-4674-AE43-B75B60B8289E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*", "matchCriteriaId": "9259E2F6-885D-4B44-8D40-20758DA599D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:emg5523-t50b_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "90DEAC05-EB3A-451D-9C0F-8D22B8886605", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3ECE0EB-C429-4716-ABFB-73540847EB9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:emg5723-t50k_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1219D188-2A83-41EC-AC8D-694901E6067C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:emg5723-t50k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B18982B2-E575-478E-A2B4-0932DE329056", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex3301-t0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D1F9ACE-DA82-4449-ADF9-5F8F540B812E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4434EF63-63EA-4A27-A6EF-CEE3000E9F02", "versionEndExcluding": "5.17\\(abup.7\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5401-b0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "15D01EDB-A41C-4FC1-9C4B-38B69360BE90", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5501-b0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "87D32815-5026-4A9A-8C8E-C30F154833AC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5501-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "88B8CDD0-E73A-4FAA-9964-D8C09949CB32", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1EC2DCD-97F2-4E13-AE82-468DBF052C4E", "versionEndExcluding": "5.17\\(abqx.7\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "E82D41CC-2EB3-4892-8383-FB2C9EC64D9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5512-t0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FF2B306-1EBD-4A14-A865-94C50F2F036D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "F32FA3FB-CE89-4CC1-9D8D-765B90A122DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5600-t1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6C46819-2848-4C0D-B360-F6987E9D3A82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5600-t1:-:*:*:*:*:*:*:*", "matchCriteriaId": "021CFB91-4627-4080-BF09-0BB5EFA708DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5601-t0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "13E7B377-3CF1-4BF5-A960-75952BC382D0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABFF2039-5DCC-4850-8BDA-3D418629C226", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5601-t1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D41D53E2-CB40-4715-A2B5-E9E87C1F3AE0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*", "matchCriteriaId": "D629D4B6-B2F2-45F1-9295-71751570C231", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg3927-t50k_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EBF0F8D-90CC-4089-AC9A-665348D27331", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg3927-t50k:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B33AE56-3948-494B-9E23-54D939DF0D3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg4005-b50a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD68CC70-242D-4A88-B182-DB68D2086225", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*", "matchCriteriaId": "88F74228-AC0C-4150-974D-54D77BBF9A90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg4005-b60a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B59AA0D1-9564-48FA-A0AF-C1FC67C0D1EC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*", "matchCriteriaId": "30C1B91D-3EA0-4A1D-833A-6767A6C84DA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg8623-t50b_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C75B24C-177A-470B-BCDE-39D31B0199F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3535B63-318C-4EB5-ADC8-0AF3FB443DFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg8825-t50k_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8901BBA-F2D4-49B8-80CF-4BABB5D2F365", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg8825-t50k:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4C2320B-52DF-4F86-86D2-42FB62337773", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ax7501-b0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6F890C3-F15D-4154-8E70-1529C7C8D89A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "78473083-F702-4B81-AAA0-B66A0984FF6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pm3100-t0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D85D00E0-AA47-48AD-8914-A443482D7D7F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pm3100-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "F78F88D4-A782-4075-A3CB-A728CE4014DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pm5100-t0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E683B32-A1A0-4DA4-81C4-61513E9E585F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pm5100-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "249AF476-CAA4-4C87-8CC3-E0AF15E61F7E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pm7300-t0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "481013ED-2B6F-4FBB-881A-C0CD038C5FDA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pm7300-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AD1E2E3-2BB8-4CB3-AF81-C916312FE361", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3B9C504-41A4-4756-BDB0-2EE317F801AE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pm7320-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6A479CC-D543-49A1-8A37-7E9D4A0F0009", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1141E1B7-B6B8-496B-A2CA-A9076D805741", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F1334B5-FC76-412F-A7EF-02EEEE677460", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pmg5617-t20b2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CA3BD8C-4FBB-45B6-AB00-55F7D5BA3C1B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pmg5617-t20b2:-:*:*:*:*:*:*:*", "matchCriteriaId": "B35005D7-D8E4-4BC5-A59C-6A69255E7EC7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "366FB20C-6740-431A-A0CA-6EC3FDD3C505", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C1B0834-3398-41B0-9A14-7D97768732B4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F61E8935-26CD-4664-A95C-1BCA77DBC4DF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*", "matchCriteriaId": "840AF834-B7A6-4ACA-BAB9-996D87476D3D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wx3100-t0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA532797-C2BF-4A37-9A36-92F1115150AB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2C56248-D12F-46DC-A52F-0607E4A5DCCC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wx3401-b0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E011E78-E7E7-4F84-9A7D-A6548AFBE30C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wx3401-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "677C554B-F9C7-4780-97C0-6021146F8B3C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wx5600-t0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0ED109DF-7C43-4CEC-AC2C-80762B60C776", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el programa CGI del firmware Zyxel NR7101 anterior a V1.15(ACCC.3)C0, que podr\u00eda permitir a un atacante autenticado ejecutar algunos comandos del sistema operativo en un dispositivo vulnerable enviando una solicitud HTTP manipulada."}], "id": "CVE-2022-43390", "lastModified": "2024-11-21T07:26:23.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@zyxel.com.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-11T02:15:11.170", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@zyxel.com.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}