CVE-2022-43391

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

Published: Jan 11, 2023 / Updated: 22mo ago

CVSS 6.5 (Medium) / EPSS 0.04%

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0 could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-43391.

Jan 11, 2023 at 1:47 AM / twitter.com
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.9%)

Sep 22, 2023 at 11:29 AM

Affected Systems

Zyxel/vmg8623-t50b_firmware

Patches

www.zyxel.com

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

News

CVE-2022-43391 (originally published on CyberSecurityBoard)
CVE-2022-43391 (CVSS:0.0) (Last Update:2023-01-11)
CVE-2022-43391 - CVSS Scores & Vulnerability Types
NA - CVE-2022-43391 - A buffer overflow vulnerability in the...
CVE-2022-43391 - Severity Not Scored. Read more at https://www.tenable.com/cve/CVE-2022-43391

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
