Vulnerabilities > CVE-2022-43393 - Improper Check for Unusual or Exceptional Conditions vulnerability in Zyxel products

CVSS 8.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

HIGH

network

low complexity

zyxel

CWE-754

NVD

Published: 2023-01-11

Updated: 2023-01-18

Summary

An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel Gs1350 6HP Firmware * Zyxel Gs1350 12Hp Firmware * Zyxel Gs1350 18Hp Firmware * Zyxel Gs1350 26Hp Firmware * Zyxel Gs1915 8 Firmware * Zyxel Gs1915 8EP Firmware * Zyxel Gs1915 24E Firmware * Zyxel Gs1915 24Ep Firmware * Zyxel Gs1920 24V2 Firmware * Zyxel Gs1920 48V2 Firmware * Zyxel Gs1920 24Hpv2 Firmware * Zyxel Gs1920 48Hpv2 Firmware * Zyxel Gs2220 10 Firmware * Zyxel Gs2220 28 Firmware * Zyxel Gs2220 50 Firmware * Zyxel Gs2220 10Hp Firmware * Zyxel Gs2220 28Hp Firmware * Zyxel Gs2220 50Hp Firmware * Zyxel Xgs1930 28 Firmware * Zyxel Xgs1930 28Hp Firmware * Zyxel Xgs1930 52 Firmware * Zyxel Xgs1930 52Hp Firmware * Zyxel Xs1930 10 Firmware * Zyxel Xs1930 12Hp Firmware * Zyxel Xs1930 12F Firmware * Zyxel Xgs2210 28 Firmware * Zyxel Xgs2210 52 Firmware * Zyxel Xgs2210 28Hp Firmware * Zyxel Xgs2210 52Hp Firmware 4.50 Zyxel Xgs2220 30 Firmware 4.80\(Abxn.1\) Zyxel Xgs2220 30Hp Firmware 4.80\(Abxo.1\) Zyxel Xgs2220 30F Firmware 4.80\(Abye.1\) Zyxel Xgs2220 54 Firmware 4.80\(Abxp.1\) Zyxel Xgs2220 54Hp Firmware 4.80\(Abxq.1\) Zyxel Xgs2220 54Fp Firmware 4.80\(Acce.1\) Zyxel Xgs4600 32 Firmware * Zyxel Xgs4600 32F Firmware * Zyxel Xgs4600 52F Firmware * Zyxel Xmg1930 30 Firmware * Zyxel Xmg1930 30Hp Firmware * Zyxel Xs3800 28 Firmware * Zyxel Mgs3500 24S Firmware * Zyxel Mgs3520 28 Firmware * Zyxel Mgs3520 28 Firmware 4.10\(Abqm.1\)C0 Zyxel Mgs3520 28F Firmware * Zyxel Mgs3530 28 Firmware * Zyxel Mgs3530 28 Firmware 4.10\(Acfj.0\)C0	47
Hardware	Zyxel Zyxel Gs1350 6HP - Zyxel Gs1350 12Hp - Zyxel Gs1350 18Hp - Zyxel Gs1350 26Hp - Zyxel Gs1915 8 - Zyxel Gs1915 8EP - Zyxel Gs1915 24E - Zyxel Gs1915 24Ep - Zyxel Gs1920 24V2 - Zyxel Gs1920 48V2 - Zyxel Gs1920 24Hpv2 - Zyxel Gs1920 48Hpv2 - Zyxel Gs2220 10 - Zyxel Gs2220 28 - Zyxel Gs2220 50 - Zyxel Gs2220 10Hp - Zyxel Gs2220 28Hp - Zyxel Gs2220 50Hp - Zyxel Xgs1930 28 - Zyxel Xgs1930 28Hp - Zyxel Xgs1930 52 - Zyxel Xgs1930 52Hp - Zyxel Xs1930 10 - Zyxel Xs1930 12Hp - Zyxel Xs1930 12F - Zyxel Xgs2210 28 - Zyxel Xgs2210 52 - Zyxel Xgs2210 28Hp - Zyxel Xgs2210 52Hp - Zyxel Xgs2220 30 - Zyxel Xgs2220 30Hp - Zyxel Xgs2220 30F - Zyxel Xgs2220 54 - Zyxel Xgs2220 54Hp - Zyxel Xgs2220 54Fp - Zyxel Xgs4600 32 - Zyxel Xgs4600 32F - Zyxel Xgs4600 52F - Zyxel Xmg1930 30 - Zyxel Xmg1930 30Hp - Zyxel Xs3800 28 - Zyxel Mgs3500 24S - Zyxel Mgs3520 28 - Zyxel Mgs3520 28F - Zyxel Mgs3530 28 -	45

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-switches