CVE-2022-43390
11.01.2023, 02:15
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.
| Vendor | Product | Version |
|---|---|---|
| zyxel | lte7480-m804_firmware | 𝑥 < 1.00\(abra.6\)c0 |
| zyxel | lte7490-m904_firmware | 𝑥 < 1.00\(abqy.5\)c0 |
| zyxel | nebula_nr5101_firmware | 𝑥 < 1.15\(accg.3\)c0 |
| zyxel | nebula_nr7101_firmware | 𝑥 < 1.15\(accc.3\)c0 |
| zyxel | nr5101_firmware | 𝑥 < 1.00\(abvc.6\)c0 |
| zyxel | nr7101_firmware | 𝑥 < 1.00\(abuv.7\)c0 |
| zyxel | nr7102_firmware | 𝑥 < 1.00\(abyd.2\)c0 |
| zyxel | dx3301-t0_firmware | - |
| zyxel | dx4510-b1_firmware | - |
| zyxel | dx5401-b0_firmware | - |
| zyxel | emg3525-t50b_firmware | - |
| zyxel | emg5523-t50b_firmware | - |
| zyxel | emg5723-t50k_firmware | - |
| zyxel | ex3301-t0_firmware | - |
| zyxel | ex3510-b0_firmware | 𝑥 < 5.17\(abup.7\)c0 |
| zyxel | ex5401-b0_firmware | - |
| zyxel | ex5501-b0_firmware | - |
| zyxel | ex5510-b0_firmware | 𝑥 < 5.17\(abqx.7\)c0 |
| zyxel | ex5512-t0_firmware | - |
| zyxel | ex5600-t1_firmware | - |
| zyxel | ex5601-t0_firmware | - |
| zyxel | ex5601-t1_firmware | - |
| zyxel | vmg3927-t50k_firmware | - |
| zyxel | vmg4005-b50a_firmware | - |
| zyxel | vmg4005-b60a_firmware | - |
| zyxel | vmg8623-t50b_firmware | - |
| zyxel | vmg8825-t50k_firmware | - |
| zyxel | ax7501-b0_firmware | - |
| zyxel | pm3100-t0_firmware | - |
| zyxel | pm5100-t0_firmware | - |
| zyxel | pm7300-t0_firmware | - |
| zyxel | pm7320-b0_firmware | - |
| zyxel | pmg5317-t20b_firmware | - |
| zyxel | pmg5617-t20b2_firmware | - |
| zyxel | pmg5617ga_firmware | - |
| zyxel | pmg5622ga_firmware | - |
| zyxel | wx3100-t0_firmware | - |
| zyxel | wx3401-b0_firmware | - |
| zyxel | wx5600-t0_firmware | - |
𝑥
= Vulnerable software versions
References