CVE-2022-43389

HIGH

Zyxel NR7101 <V1.15(ACCC.3)C0 - Buffer Overflow

Title source: llm

Description

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

References (1)

Core 1

Core References

Vendor Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders

Scores

CVSS v3 8.6

EPSS 0.0145

EPSS Percentile 80.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (17)

zyxel/ep240p_firmware

zyxel/lte3202-m437_firmware < 1.00\(abwf.1\)c0

zyxel/lte3316-m604_firmware < 2.00\(abmp.6\)c0

zyxel/lte7480-m804_firmware < 1.00\(abra.6\)c0

zyxel/lte7490-m904_firmware < 1.00\(abqy.5\)c0

zyxel/nebula_fwa510_firmware < 1.15\(acgd.3\)c0

zyxel/nebula_fwa710_firmware < 1.15\(acgc.3\)c0

zyxel/nebula_nr7101_firmware < 1.15\(accc.3\)c0

zyxel/nr5103_firmware < 4.19\(abyc.3\)c0

zyxel/nr5103e_firmware

... and 7 more

Published Jan 11, 2023

Tracked Since Feb 18, 2026