high
8.8
CWE
78 77
Advisory Published
Updated

CVE-2022-43390: OS Command Injection

First published: Wed Jan 11 2023(Updated: )

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Credit: security@zyxel.com.tw

Affected SoftwareAffected VersionHow to fix
Zyxel LTE7480-M804<1.00\(abra.6\)c0
Zyxel LTE7480-M804 Firmware
Zyxel LTE7490-M904<1.00\(abqy.5\)c0
Zyxel LTE7490-M904 Firmware
Zyxel Nebula Nr5101<1.15\(accg.3\)c0
Zyxel Nebula
Zyxel Nebula NR7101 Firmware<1.15\(accc.3\)c0
Zyxel Nebula Nr7101 Firmware
Zyxel Nebula Nr5101 Firmware<1.00\(abvc.6\)c0
Zyxel Nebula Nr5101
Zyxel Nebula NR7101 Firmware<1.00\(abuv.7\)c0
Zyxel Nebula Nr7101 Firmware
Zyxel NR7102<1.00\(abyd.2\)c0
Zyxel NR7102 Firmware
Zyxel Dx3300-T0
Zyxel Dx3301-t0 Firmware
Zyxel Dx4510
Zyxel Dx4510-B1 Firmware
Zyxel DX5401-B0
Zyxel DX5401-B0 firmware
Zyxel EMG3525-T50B Firmware
Zyxel EMG3525-T50B Firmware
Zyxel EMG5523-T50B
Zyxel EMG5523-T50B Firmware
Zyxel EMG5723-T50K
Zyxel EMG5723-T50K Firmware
Zyxel Ex3301-T0
Zyxel Ex3301-T0
Zyxel Ex3510 Firmware<5.17\(abup.7\)c0
Zyxel Ex3510-B0 Firmware
Zyxel Ex5401-B0
Zyxel Ex5401-B0
Zyxel Ex5501-b0
Zyxel EX5501-B0
Zyxel EX5510<5.17\(abqx.7\)c0
Zyxel EX5510-B0 Firmware
Zyxel EX5512-T0
Zyxel EX5512-T0 Firmware
Zyxel EX5600-T1 Firmware
Zyxel EX5600-T1 Firmware
Zyxel Ex5601-T0
Zyxel Ex5601-T0 Firmware
Zyxel EX5601-T1 Firmware
Zyxel EX5601-T1 Firmware
Zyxel VMG3927-T50K
Zyxel VMG3927-T50K Firmware
Zyxel VMG4005-B50A firmware
Zyxel VMG4005-B50A firmware
Zyxel VMG4005-B60A
Zyxel VMG4005-B60A
Zyxel VMG8623-T50B
Zyxel VMG8623-T50B Firmware
Zyxel VMG8825-T50K
Zyxel VMG8825-T50K firmware
Zyxel AX7501-B0
Zyxel AX7501-B0 firmware
Zyxel PM3100-T0 Firmware
Zyxel PM3100-T0 Firmware
Zyxel PM5100-T0
Zyxel PM5100-T0
Zyxel PM7300-T0 Firmware
Zyxel Pm7300-t0 Firmware
Zyxel PM7320-B0 Firmware
Zyxel PM7320-B0 Firmware
Zyxel PMG5317-T20B
Zyxel PMG5317-T20B Firmware
Zyxel PMG5617-T20B2
Zyxel PMG5617-T20B2 Firmware
Zyxel PMG5617GA
Zyxel PMG5617GA Firmware
Zyxel PMG5622GA
Zyxel PMG5622GA Firmware
Zyxel WX3100-T0 Firmware
Zyxel WX3100-T0 Firmware
Zyxel WX3401-B0 Firmware
Zyxel Wx3401-b0 Firmware
Zyxel WX5600-T0 Firmware
Zyxel Wx5600-t0 Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-43390?

    CVE-2022-43390 is categorized as a medium severity vulnerability due to its potential for command execution on affected devices.

  • Who is affected by CVE-2022-43390?

    CVE-2022-43390 affects multiple Zyxel devices, particularly those running firmware versions before V1.15(ACCC.3)C0.

  • How do I fix CVE-2022-43390?

    To fix CVE-2022-43390, upgrade the firmware of your Zyxel NR7101 device to version 1.15(ACCC.3)C0 or later.

  • What type of vulnerability is CVE-2022-43390?

    CVE-2022-43390 is a command injection vulnerability that can allow authenticated attackers to execute arbitrary OS commands.

  • Is CVE-2022-43390 a remote vulnerability?

    CVE-2022-43390 requires authentication, meaning an attacker must access the device locally or through other means to exploit it.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203