Details of VAR-202301-0921

ID

VAR-202301-0921

CVE

CVE-2022-43393

TITLE

Zyxel GS1920-24v2 Exceptional State Check Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-001950

DESCRIPTION

An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device. Zyxel GS1920-24v2 Firmware contains an exceptional state check vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-43393 // JVNDB: JVNDB-2023-001950

AFFECTED PRODUCTS

vendor:	zyxel	model:	gs2220-50	scope:	lt	version:	4.70\(abrs.6\)c0	Trust: 1.0
vendor:	zyxel	model:	xs3800-28	scope:	lte	version:	4.80\(abml.1\)c0	Trust: 1.0
vendor:	zyxel	model:	xs1930-12f	scope:	lt	version:	4.80\(abzv.0\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs2220-30f	scope:	lt	version:	4.80\(abye.1\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs2220-30	scope:	lt	version:	4.80\(abxn.1\)c0	Trust: 1.0
vendor:	zyxel	model:	gs2220-50hp	scope:	lt	version:	4.70\(abrt.6\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1350-18hp	scope:	lt	version:	4.70\(abpk.5\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs1930-52hp	scope:	lt	version:	4.70\(abhv.5\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs4600-52f	scope:	lt	version:	4.70\(abik.4\)c0	Trust: 1.0
vendor:	zyxel	model:	mgs3530-28	scope:	lt	version:	4.10\(acem.2\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1920-24hpv2	scope:	lt	version:	4.70\(abmi.8\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs2220-54hp	scope:	lt	version:	4.80\(abxq.1\)c0	Trust: 1.0
vendor:	zyxel	model:	gs2220-28hp	scope:	lt	version:	4.70\(abrr.6\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1920-24v2	scope:	lt	version:	4.70\(abmh.8\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1920-48hpv2	scope:	lt	version:	4.70\(abmk.8\)c0	Trust: 1.0
vendor:	zyxel	model:	xmg1930-30	scope:	lt	version:	4.80\(acar.0\)	Trust: 1.0
vendor:	zyxel	model:	xgs1930-28hp	scope:	lt	version:	4.70\(abhs.5\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs2220-54	scope:	lt	version:	4.80\(abxp.1\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1915-24e	scope:	lt	version:	4.70\(acdr.3\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1920-48v2	scope:	lt	version:	4.70\(abmj.8\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1350-6hp	scope:	lt	version:	4.70\(abpi.5\)c0	Trust: 1.0
vendor:	zyxel	model:	xs1930-12hp	scope:	lt	version:	4.80\(abqf.0\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs1930-52	scope:	lt	version:	4.70\(abhu.5\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs2220-54fp	scope:	lt	version:	4.80\(acce.1\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs4600-32	scope:	lt	version:	4.70\(abbh.4\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs4600-32f	scope:	lt	version:	4.70\(abbi.4\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs2210-52	scope:	lt	version:	4.70\(aazk.2\)c0	Trust: 1.0
vendor:	zyxel	model:	gs2220-28	scope:	lt	version:	4.70\(abrq.6\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs2210-28hp	scope:	lt	version:	4.70\(aazl.2\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1350-26hp	scope:	lt	version:	4.70\(abpl.5\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1915-24ep	scope:	lt	version:	4.70\(acds.3\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs1930-28	scope:	lt	version:	4.70\(abht.5\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1350-12hp	scope:	lt	version:	4.70\(abpj.5\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs2220-30hp	scope:	lt	version:	4.80\(abxo.1\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1915-8ep	scope:	lt	version:	4.70\(acaq.3\)c0	Trust: 1.0
vendor:	zyxel	model:	mgs3530-28	scope:	eq	version:	4.10\(acfj.0\)c0	Trust: 1.0
vendor:	zyxel	model:	gs2220-10	scope:	lt	version:	4.70\(abro.6\)c0	Trust: 1.0
vendor:	zyxel	model:	gs2220-10hp	scope:	lt	version:	4.70\(abrp.6\)c0	Trust: 1.0
vendor:	zyxel	model:	xmg1930-30hp	scope:	lt	version:	4.80\(acas.0\)	Trust: 1.0
vendor:	zyxel	model:	xgs2210-28	scope:	lt	version:	4.70\(aazj.2\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1915-8	scope:	lt	version:	4.70\(acap.3\)c0	Trust: 1.0
vendor:	zyxel	model:	mgs3500-24s	scope:	lt	version:	4.10\(abbr.2\)c0	Trust: 1.0
vendor:	zyxel	model:	xgs2210-52hp	scope:	lt	version:	4.70\(aazm.2\)c0	Trust: 1.0
vendor:	zyxel	model:	xs1930-10	scope:	lt	version:	4.80\(abqe.0\)c0	Trust: 1.0
vendor:	zyxel	model:	mgs3520-28f	scope:	lt	version:	4.10\(aatm.4\)c0	Trust: 1.0
vendor:	zyxel	model:	mgs3520-28	scope:	lt	version:	4.10\(aatn.5\)c0	Trust: 1.0
vendor:	zyxel	model:	mgs3520-28	scope:	eq	version:	4.10\(abqm.1\)c0	Trust: 1.0
vendor:	zyxel	model:	gs1920-24v2	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	gs1920-48v2	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	gs1915-24e	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	gs1350-12hp	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	gs1350-26hp	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	gs1350-18hp	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	gs1350-6hp	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	gs1915-8	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	gs1915-8ep	scope:	-	version:	-	Trust: 0.8
vendor:	zyxel	model:	gs1915-24ep	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-001950 // NVD: CVE-2022-43393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-43393
value:	HIGH
Trust: 1.0
security@zyxel.com.tw:	CVE-2022-43393
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-001950
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-828
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-43393
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2023-001950
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-001950 // CNNVD: CNNVD-202301-828 // NVD: CVE-2022-43393 // NVD: CVE-2022-43393

PROBLEMTYPE DATA

problemtype:	CWE-754	Trust: 1.0
problemtype:	Improper checking in exceptional conditions (CWE-754) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-001950 // NVD: CVE-2022-43393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-828

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202301-828

PATCH

title:	Zyxel security advisory for DoS vulnerability of switches	url:	https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-switches	Trust: 0.8
title:	Zyxel GS1920 Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=222057	Trust: 0.6

sources: JVNDB: JVNDB-2023-001950 // CNNVD: CNNVD-202301-828

EXTERNAL IDS

db:	NVD	id:	CVE-2022-43393	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-001950	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-828	Trust: 0.6

sources: JVNDB: JVNDB-2023-001950 // CNNVD: CNNVD-202301-828 // NVD: CVE-2022-43393

REFERENCES

url:	https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-switches	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-43393	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-43393/	Trust: 0.6

sources: JVNDB: JVNDB-2023-001950 // CNNVD: CNNVD-202301-828 // NVD: CVE-2022-43393

SOURCES

db:	JVNDB	id:	JVNDB-2023-001950
db:	CNNVD	id:	CNNVD-202301-828
db:	NVD	id:	CVE-2022-43393

LAST UPDATE DATE

2024-08-14T14:02:09.169000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-001950	date:	2023-05-29T02:22:00
db:	CNNVD	id:	CNNVD-202301-828	date:	2023-02-02T00:00:00
db:	NVD	id:	CVE-2022-43393	date:	2023-01-18T23:37:41.713

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-001950	date:	2023-05-29T00:00:00
db:	CNNVD	id:	CNNVD-202301-828	date:	2023-01-11T00:00:00
db:	NVD	id:	CVE-2022-43393	date:	2023-01-11T02:15:11.403