FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2022-38546

Improper Access Control (CWE-284)

Published: Dec 21, 2022 / Updated: 23mo ago

010
CVSS 9.8EPSS 0.1%Critical
CVE info copied to clipboard

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-38546. See article

Dec 21, 2022 at 1:55 AM / cve.report
EPSS

EPSS Score was set to: 0.1% (Percentile: 41.2%)

Sep 15, 2023 at 2:50 AM
Static CVE Timeline Graph

Affected Systems

Zyxel/nbg7510_firmware
+null more

Patches

www.zyxel.com
+null more

Links to Mitre Att&cks

T1546.004:
+null more

Attack Patterns

CAPEC-19: Embedding Scripts within Scripts
+null more

News

CVE-2022-38546
Recently updated security vulnerabilities / 23mo
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode. (CVSS:0.0) (Last Update:2022-12-21)
DNS misconfiguration in Zyxel NBG7510 home router
Security feed from CyberSecurity Help / 23mo
This security bulletin contains one medium risk vulnerability. The vulnerability allows a remote attacker to bypass implemented security restrictions.
NA - CVE-2022-38546 - A DNS misconfiguration was found in Zyxel...
Security-Database Alerts Monitor : Last 100 Alerts / 23mo
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to...
CVE-2022-38546
Newest CVEs from Tenable / 23mo
Severity Not Scored Description A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode. Read more at https://www.tenable.com/cve/CVE-2022-38546
CVE-2022-38546 | ZyXEL NBG7510 prior 1.00(ABZY.3)C0 DNS Server access control
VulDB Recent Entries / 23mo
A vulnerability was found in ZyXEL NBG7510 . It has been rated as problematic . This issue affects some unknown processing of the component DNS Server . The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2022-38546 . The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
See 5 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 9.8(27010)CWE-284(2759)Zyxel(259)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial