Share:

CVE-2022-43390

Critical 8.8

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Published January 11, 2023.

Affected software

Zyxel Ex5601-t0 Firmware

Zyxel Wx3100-t0 Firmware

Zyxel Emg3525-t50b Firmware

Zyxel Lte7480-m804 Firmware

Zyxel Nr7101 Firmware

Zyxel Nebula Nr7101 Firmware

Zyxel Wx5600-t0 Firmware

Zyxel Vmg8623-t50b Firmware

Zyxel Ax7501-b0 Firmware

Zyxel Pm3100-t0 Firmware

Zyxel Vmg4005-b50a Firmware

Zyxel Ex3301-t0 Firmware

Zyxel Nr5101 Firmware

Zyxel Pm5100-t0 Firmware

Zyxel Emg5723-t50k Firmware

Zyxel Ex3510-b0 Firmware

Zyxel Ex5510-b0 Firmware

Zyxel Wx3401-b0 Firmware

Zyxel Pmg5617-t20b2 Firmware

Zyxel Ex5401-b0 Firmware

Zyxel Nebula Nr5101 Firmware

Zyxel Vmg4005-b60a Firmware

Zyxel Dx3301-t0 Firmware

Zyxel Pm7320-b0 Firmware

Zyxel Pmg5617ga Firmware

Zyxel Lte7490-m904 Firmware

Zyxel Nr7102 Firmware

Zyxel Ex5501-b0 Firmware

Zyxel Dx4510-b1 Firmware

Zyxel Vmg3927-t50k Firmware

Zyxel Pm7300-t0 Firmware

Zyxel Dx5401-b0 Firmware

Zyxel Emg5523-t50b Firmware

Zyxel Vmg8825-t50k Firmware

Zyxel Pmg5317-t20b Firmware

Zyxel Ex5601-t1 Firmware

Zyxel Ex5600-t1 Firmware

Zyxel Pmg5622ga Firmware

Zyxel Ex5512-t0 Firmware

Get alerts for Zyxel Ex5601-t0 Firmware

Reference links

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders