CVE-2022-43389: Buffer Overflow
First published: Wed Jan 11 2023(Updated: )
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel Lte3202-m437 Firmware | <1.00\(abwf.1\)c0 | |
| Zyxel Lte3202-m437 | ||
| Zyxel LTE3316-M604 firmware | <2.00\(abmp.6\)c0 | |
| Zyxel LTE3316-M604 | ||
| Zyxel Lte7480-m804 Firmware | <1.00\(abra.6\)c0 | |
| Zyxel Lte7480-m804 | ||
| Zyxel Lte7490-m904 Firmware | <1.00\(abqy.5\)c0 | |
| Zyxel Lte7490-m904 | ||
| Zyxel Nebula Fwa510 Firmware | <1.15\(acgd.3\)c0 | |
| Zyxel Nebula Fwa510 | ||
| Zyxel Nebula Fwa710 Firmware | <1.15\(acgc.3\)c0 | |
| Zyxel Nebula Fwa710 | ||
| Zyxel Nebula Nr7101 Firmware | <1.15\(accc.3\)c0 | |
| Zyxel Nebula Nr7101 | ||
| Zyxel Nr5103 Firmware | <4.19\(abyc.3\)c0 | |
| Zyxel Nr5103 | ||
| Zyxel Nr5103e Firmware | ||
| Zyxel Nr5103e | ||
| Zyxel NR7101 firmware | <1.00\(abuv.7\)c0 | |
| Zyxel NR7101 | ||
| Zyxel Nr7102 Firmware | <1.00\(abyd.2\)c0 | |
| Zyxel Nr7102 | ||
| Zyxel Nr7103 Firmware | <1.00\(accz.1\)c0 | |
| Zyxel Nr7103 | ||
| Zyxel Ep240p Firmware | ||
| Zyxel Ep240p | ||
| Zyxel Pm7320-b0 Firmware | ||
| Zyxel Pm7320-b0 | ||
| Zyxel Pmg5317-t20b Firmware | ||
| Zyxel Pmg5317-t20b | ||
| Zyxel Pmg5617ga Firmware | ||
| Zyxel Pmg5617ga | ||
| Zyxel Pmg5622ga Firmware | ||
| Zyxel Pmg5622ga |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-43389?
CVE-2022-43389 is a buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
How severe is CVE-2022-43389?
CVE-2022-43389 has a severity rating of 9.8 out of 10 (critical).
What software is affected by CVE-2022-43389?
Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0 is affected by CVE-2022-43389.
How can an attacker exploit CVE-2022-43389?
An unauthenticated attacker can exploit CVE-2022-43389 by executing OS commands or causing denial-of-service conditions on a vulnerable Zyxel NR7101 device.
Is there a fix for CVE-2022-43389?
Yes, Zyxel has released a firmware update to address the CVE-2022-43389 vulnerability. It is recommended to update to version V1.15(ACCC.3)C0 or later.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- vendor/zyxel
- canonical/zyxel lte3202-m437 firmware
- canonical/zyxel lte3202-m437
- canonical/zyxel lte3316-m604 firmware
- canonical/zyxel lte3316-m604
- canonical/zyxel lte7480-m804 firmware
- canonical/zyxel lte7480-m804
- canonical/zyxel lte7490-m904 firmware
- canonical/zyxel lte7490-m904
- canonical/zyxel nebula fwa510 firmware
- canonical/zyxel nebula fwa510
- canonical/zyxel nebula fwa710 firmware
- canonical/zyxel nebula fwa710
- canonical/zyxel nebula nr7101 firmware
- canonical/zyxel nebula nr7101
- canonical/zyxel nr5103 firmware
- canonical/zyxel nr5103
- canonical/zyxel nr5103e firmware
- canonical/zyxel nr5103e
- canonical/zyxel nr7101 firmware
- canonical/zyxel nr7101
- canonical/zyxel nr7102 firmware
- canonical/zyxel nr7102
- canonical/zyxel nr7103 firmware
- canonical/zyxel nr7103
- canonical/zyxel ep240p firmware
- canonical/zyxel ep240p
- canonical/zyxel pm7320-b0 firmware
- canonical/zyxel pm7320-b0
- canonical/zyxel pmg5317-t20b firmware
- canonical/zyxel pmg5317-t20b
- canonical/zyxel pmg5617ga firmware
- canonical/zyxel pmg5617ga
- canonical/zyxel pmg5622ga firmware
- canonical/zyxel pmg5622ga