Vulnerabilites related to Zyxel - LTE3316-M604
cve-2022-43389
Vulnerability from cvelistv5
Published
2023-01-11 00:00
Modified
2024-08-03 13:32
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | NR7101 firmware |
Version: < V1.15(ACCC.3)C0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:58.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NR7101 firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "< V1.15(ACCC.3)C0", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T00:00:00", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders", }, ], }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2022-43389", datePublished: "2023-01-11T00:00:00", dateReserved: "2022-10-18T00:00:00", dateUpdated: "2024-08-03T13:32:58.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22920
Vulnerability from cvelistv5
Published
2023-02-21 00:00
Modified
2025-03-12 14:35
Severity ?
EPSS score ?
Summary
A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | LTE3316-M604 |
Version: V2.00(ABMP.6)C0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-security-misconfiguration-vulnerability-of-4g-lte-indoor-routers", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22920", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-12T14:34:23.719581Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-12T14:35:22.085Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "LTE3316-M604", vendor: "Zyxel", versions: [ { status: "affected", version: "V2.00(ABMP.6)C0", }, ], }, ], descriptions: [ { lang: "en", value: "A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-21T00:00:00.000Z", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-security-misconfiguration-vulnerability-of-4g-lte-indoor-routers", }, ], }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2023-22920", datePublished: "2023-02-21T00:00:00.000Z", dateReserved: "2023-01-10T00:00:00.000Z", dateUpdated: "2025-03-12T14:35:22.085Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-01-11 02:15
Modified
2024-11-21 07:26
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:lte3202-m437_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEED7B93-7998-429A-9B16-49BAE465704F", versionEndExcluding: "1.00\\(abwf.1\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:lte3202-m437:-:*:*:*:*:*:*:*", matchCriteriaId: "9AFA5A91-B372-464B-9C8E-DFC6552E64EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:lte3316-m604_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5FBDC947-18E3-4A46-A7B3-9AB18032254E", versionEndExcluding: "2.00\\(abmp.6\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:lte3316-m604:-:*:*:*:*:*:*:*", matchCriteriaId: "557BE1D0-A562-4176-8E59-562E329DD602", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:lte7480-m804_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7DFDC741-78E6-42AA-B647-DEE9F04AA2DD", versionEndExcluding: "1.00\\(abra.6\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:lte7480-m804:-:*:*:*:*:*:*:*", matchCriteriaId: "E3480021-1538-48ED-BE89-BB0DF562C7DE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:lte7490-m904_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FB812F29-2FAE-414C-9047-2471148B1E36", versionEndExcluding: "1.00\\(abqy.5\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:lte7490-m904:-:*:*:*:*:*:*:*", matchCriteriaId: "DC75F6DE-DCAF-47A0-B6BB-0E050C68AF25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nebula_fwa510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E7D1CEC6-D45B-4B6A-8A58-B099ADF57413", versionEndExcluding: "1.15\\(acgd.3\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nebula_fwa510:-:*:*:*:*:*:*:*", matchCriteriaId: "80B7099C-DAA5-4902-A62B-B680C9450575", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nebula_fwa710_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB7233D1-3202-471C-AEEA-F76E79F78346", versionEndExcluding: "1.15\\(acgc.3\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nebula_fwa710:-:*:*:*:*:*:*:*", matchCriteriaId: "92221518-C7EA-46D7-8037-A580CEA01093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA537481-4311-4C5E-B577-76C8A789FDAC", versionEndExcluding: "1.15\\(accc.3\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*", matchCriteriaId: "52096C1F-F73C-413E-9D37-82EFA4703AEC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nr5103_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9B98AC59-4E5F-40AC-B6D6-DD669FAFEDCD", versionEndExcluding: "4.19\\(abyc.3\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nr5103:-:*:*:*:*:*:*:*", matchCriteriaId: "C821C282-A1E3-4E31-A0C3-96936A4D90CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nr5103e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "60ABD202-BEB3-4E0D-98CB-30AAA54E5B3B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nr5103e:-:*:*:*:*:*:*:*", matchCriteriaId: "97C7B929-E318-4E17-8AF9-160C8613132D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "63A72A80-DA68-4353-8FEA-D372180F8401", versionEndExcluding: "1.00\\(abuv.7\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*", matchCriteriaId: "E4D27B24-9822-432C-8B8B-9546EE32DEC6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nr7102_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C56958A5-2427-4A9A-BD40-3B548437CA36", versionEndExcluding: "1.00\\(abyd.2\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nr7102:-:*:*:*:*:*:*:*", matchCriteriaId: "F1A15757-DE6F-4A72-9CAD-BAC04BD340A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:nr7103_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1FD95007-25FD-4EF9-A461-19FBB4468B3D", versionEndExcluding: "1.00\\(accz.1\\)c0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:nr7103:-:*:*:*:*:*:*:*", matchCriteriaId: "77584A2D-D878-46E5-A632-10912DC3B794", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:ep240p_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4CB5CB3D-4EBA-4C71-886A-5FF336E9F842", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:ep240p:-:*:*:*:*:*:*:*", matchCriteriaId: "91367DDE-F430-42F7-B4F2-28AEF7FDCB12", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:pm7320-b0_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "E3B9C504-41A4-4756-BDB0-2EE317F801AE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:pm7320-b0:-:*:*:*:*:*:*:*", matchCriteriaId: "E6A479CC-D543-49A1-8A37-7E9D4A0F0009", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:pmg5317-t20b_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1141E1B7-B6B8-496B-A2CA-A9076D805741", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:pmg5317-t20b:-:*:*:*:*:*:*:*", matchCriteriaId: "9F1334B5-FC76-412F-A7EF-02EEEE677460", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:pmg5617ga_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "366FB20C-6740-431A-A0CA-6EC3FDD3C505", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:pmg5617ga:-:*:*:*:*:*:*:*", matchCriteriaId: "9C1B0834-3398-41B0-9A14-7D97768732B4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:pmg5622ga_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F61E8935-26CD-4664-A95C-1BCA77DBC4DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:pmg5622ga:-:*:*:*:*:*:*:*", matchCriteriaId: "840AF834-B7A6-4ACA-BAB9-996D87476D3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento de búfer en la librería del servidor web en el firmware Zyxel NR7101 anterior a V1.15(ACCC.3)C0, que podría permitir que un atacante no autenticado ejecute algunos comandos del sistema operativo o cause condiciones de denegación de servicio (DoS) en un dispositivo vulnerable.", }, ], id: "CVE-2022-43389", lastModified: "2024-11-21T07:26:22.850", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@zyxel.com.tw", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-11T02:15:11.073", references: [ { source: "security@zyxel.com.tw", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders", }, ], sourceIdentifier: "security@zyxel.com.tw", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "security@zyxel.com.tw", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-21 16:15
Modified
2024-11-21 07:45
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zyxel | lte3202-m437_firmware | 1.00\(abwf.1\)c0 | |
| zyxel | lte3202-m437 | - | |
| zyxel | lte3316-m604_firmware | 2.00\(abmp.6\)c0 | |
| zyxel | lte3316-m604 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:lte3202-m437_firmware:1.00\\(abwf.1\\)c0:*:*:*:*:*:*:*", matchCriteriaId: "ACA056DF-42B9-4530-9076-F5BAE33E4849", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:lte3202-m437:-:*:*:*:*:*:*:*", matchCriteriaId: "9AFA5A91-B372-464B-9C8E-DFC6552E64EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zyxel:lte3316-m604_firmware:2.00\\(abmp.6\\)c0:*:*:*:*:*:*:*", matchCriteriaId: "9D8CE2DA-94BB-4263-B0FD-02AB3ECA8858", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zyxel:lte3316-m604:-:*:*:*:*:*:*:*", matchCriteriaId: "557BE1D0-A562-4176-8E59-562E329DD602", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.", }, ], id: "CVE-2023-22920", lastModified: "2024-11-21T07:45:39.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@zyxel.com.tw", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-21T16:15:11.743", references: [ { source: "security@zyxel.com.tw", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-security-misconfiguration-vulnerability-of-4g-lte-indoor-routers", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-security-misconfiguration-vulnerability-of-4g-lte-indoor-routers", }, ], sourceIdentifier: "security@zyxel.com.tw", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@zyxel.com.tw", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }