PT-2023-1559 · Zyxel · Zyxel NR7101

Published: 2023-01-11 · Updated: 2023-01-18 · CVE-2022-43390

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zyxel NR7101 firmware versions prior to V1.15(ACCC.3)C0

Description

The issue exists due to the lack of measures to neutralize special elements used in an operating system command. Exploitation of this issue may allow a remote attacker to execute arbitrary commands using a specially crafted HTTP request. An authenticated attacker could execute some OS commands on a vulnerable device by sending a crafted HTTP request.

Recommendations

For Zyxel NR7101 firmware versions prior to V1.15(ACCC.3)C0, update to version V1.15(ACCC.3)C0 or later to resolve the issue. As a temporary workaround, consider restricting access to the CGI program to minimize the risk of exploitation. Avoid using the vulnerable CGI program until the issue is resolved.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-01024
CVE-2022-43390

Affected Products

Zyxel NR7101