Command Injection Vulnerability in Zyxel NR7101 Firmware
CVE-2022-43390

5.4MEDIUM

Key Information:

Vendor: Zyxel
Status: Nr7101 Firmware
Vendor: CVE Published:; 11 January 2023

Summary

A command injection vulnerability exists in the CGI program of Zyxel NR7101 firmware versions before V1.15(ACCC.3)C0. This flaw allows authenticated attackers to execute arbitrary operating system commands on the affected devices by sending specially crafted HTTP requests. If exploited, this vulnerability can lead to unauthorized access and control over network devices.

Affected Version(s)

NR7101 firmware < V1.15(ACCC.3)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2023
Vulnerability Reserved
Oct 18, 2022