CVE-2022-43393

An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
ZyxelCNA
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
zyxelgs1350-6hp_firmware
𝑥
< 4.70\(abpi.5\)c0
zyxelgs1350-12hp_firmware
𝑥
< 4.70\(abpj.5\)c0
zyxelgs1350-18hp_firmware
𝑥
< 4.70\(abpk.5\)c0
zyxelgs1350-26hp_firmware
𝑥
< 4.70\(abpl.5\)c0
zyxelgs1915-8_firmware
𝑥
< 4.70\(acap.3\)c0
zyxelgs1915-8ep_firmware
𝑥
< 4.70\(acaq.3\)c0
zyxelgs1915-24e_firmware
𝑥
< 4.70\(acdr.3\)c0
zyxelgs1915-24ep_firmware
𝑥
< 4.70\(acds.3\)c0
zyxelgs1920-24v2_firmware
𝑥
< 4.70\(abmh.8\)c0
zyxelgs1920-48v2_firmware
𝑥
< 4.70\(abmj.8\)c0
zyxelgs1920-24hpv2_firmware
𝑥
< 4.70\(abmi.8\)c0
zyxelgs1920-48hpv2_firmware
𝑥
< 4.70\(abmk.8\)c0
zyxelgs2220-10_firmware
𝑥
< 4.70\(abro.6\)c0
zyxelgs2220-28_firmware
𝑥
< 4.70\(abrq.6\)c0
zyxelgs2220-50_firmware
𝑥
< 4.70\(abrs.6\)c0
zyxelgs2220-10hp_firmware
𝑥
< 4.70\(abrp.6\)c0
zyxelgs2220-28hp_firmware
𝑥
< 4.70\(abrr.6\)c0
zyxelgs2220-50hp_firmware
𝑥
< 4.70\(abrt.6\)c0
zyxelxgs1930-28_firmware
𝑥
< 4.70\(abht.5\)c0
zyxelxgs1930-28hp_firmware
𝑥
< 4.70\(abhs.5\)c0
zyxelxgs1930-52_firmware
𝑥
< 4.70\(abhu.5\)c0
zyxelxgs1930-52hp_firmware
𝑥
< 4.70\(abhv.5\)c0
zyxelxs1930-10_firmware
𝑥
< 4.80\(abqe.0\)c0
zyxelxs1930-12hp_firmware
𝑥
< 4.80\(abqf.0\)c0
zyxelxs1930-12f_firmware
𝑥
< 4.80\(abzv.0\)c0
zyxelxgs2210-28_firmware
𝑥
< 4.70\(aazj.2\)c0
zyxelxgs2210-52_firmware
𝑥
< 4.70\(aazk.2\)c0
zyxelxgs2210-28hp_firmware
𝑥
< 4.70\(aazl.2\)c0
zyxelxgs2210-52hp_firmware
𝑥
< 4.70\(aazm.2\)c0
zyxelxgs2220-30_firmware
𝑥
< 4.80\(abxn.1\)c0
zyxelxgs2220-30hp_firmware
𝑥
< 4.80\(abxo.1\)c0
zyxelxgs2220-30f_firmware
𝑥
< 4.80\(abye.1\)c0
zyxelxgs2220-54_firmware
𝑥
< 4.80\(abxp.1\)c0
zyxelxgs2220-54hp_firmware
𝑥
< 4.80\(abxq.1\)c0
zyxelxgs2220-54fp_firmware
𝑥
< 4.80\(acce.1\)c0
zyxelxgs4600-32_firmware
𝑥
< 4.70\(abbh.4\)c0
zyxelxgs4600-32f_firmware
𝑥
< 4.70\(abbi.4\)c0
zyxelxgs4600-52f_firmware
𝑥
< 4.70\(abik.4\)c0
zyxelxmg1930-30_firmware
𝑥
< 4.80\(acar.0\)
zyxelxmg1930-30hp_firmware
𝑥
< 4.80\(acas.0\)
zyxelxs3800-28_firmware
𝑥
≤ 4.80\(abml.1\)c0
zyxelmgs3500-24s_firmware
𝑥
< 4.10\(abbr.2\)c0
zyxelmgs3520-28_firmware
𝑥
< 4.10\(aatn.5\)c0
zyxelmgs3520-28_firmware
4.10\(abqm.1\)c0
zyxelmgs3520-28f_firmware
𝑥
< 4.10\(aatm.4\)c0
zyxelmgs3530-28_firmware
𝑥
< 4.10\(acem.2\)c0
zyxelmgs3530-28_firmware
4.10\(acfj.0\)c0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-switches
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-switches