Cyber Resilience

CVE-2022-43389

High

Published: 11 January 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
EPSS Score: 0.0145 (81.2th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-43389 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Zyxel LTE3202-M437 firmware. Its CVSS base score is 8.6 (High).

Operationally, it is ranked in the top 18.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0 could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

CWE(s)

CWE-120 (Classic Buffer Overflow)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

| Vendor | Product | Affected versions |
|---|---|---|
| zyxel | lte3202-m437 firmware | ≤ 1.00(abwf.1)c0 |
| zyxel | lte3316-m604 firmware | ≤ 2.00(abmp.6)c0 |
| zyxel | lte7480-m804 firmware | ≤ 1.00(abra.6)c0 |
| zyxel | lte7490-m904 firmware | ≤ 1.00(abqy.5)c0 |
| zyxel | nebula fwa510 firmware | ≤ 1.15(acgd.3)c0 |
| zyxel | nebula fwa710 firmware | ≤ 1.15(acgc.3)c0 |
| zyxel | nebula nr7101 firmware | ≤ 1.15(accc.3)c0 |
| zyxel | nr5103 firmware | ≤ 4.19(abyc.3)c0 |
| zyxel | nr5103e firmware | all versions |
| zyxel | nr7101 firmware | ≤ 1.00(abuv.7)c0 |
+7 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.
