Denial of service in Zyxel switches
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-43393 |
| CWE-ID | CWE-754 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
GS1350-6HP Hardware solutions / Firmware GS1350-12HP Hardware solutions / Firmware GS1350-18HP Hardware solutions / Firmware GS1350-26HP Hardware solutions / Firmware GS1915-8 Hardware solutions / Firmware GS1915-8EP Hardware solutions / Firmware GS1915-24E Hardware solutions / Firmware GS1915-24EP Hardware solutions / Firmware GS1920-24v2 Hardware solutions / Firmware GS1920-48v2 Hardware solutions / Firmware GS1920-24HPv2 Hardware solutions / Firmware GS1920-48HPv2 Hardware solutions / Firmware GS2220-10 Hardware solutions / Firmware GS2220-28 Hardware solutions / Firmware GS2220-50 Hardware solutions / Firmware GS2220-10HP Hardware solutions / Firmware GS2220-28HP Hardware solutions / Firmware GS2220-50HP Hardware solutions / Firmware XGS1930-28 Hardware solutions / Firmware XGS1930-28HP Hardware solutions / Firmware XGS1930-52 Hardware solutions / Firmware XGS1930-52HP Hardware solutions / Firmware XS1930-10 Hardware solutions / Firmware XS1930-12HP Hardware solutions / Firmware XS1930-12F Hardware solutions / Firmware XGS2210-28 Hardware solutions / Firmware XGS2210-52 Hardware solutions / Firmware XGS2210-28HP Hardware solutions / Firmware XGS2210-52HP Hardware solutions / Firmware XGS2220-30 Hardware solutions / Firmware XGS2220-30HP Hardware solutions / Firmware XGS2220-30F Hardware solutions / Firmware XGS2220-54 Hardware solutions / Firmware XGS2220-54HP Hardware solutions / Firmware XGS2220-54FP Hardware solutions / Firmware XGS4600-32 Hardware solutions / Firmware XGS4600-32F Hardware solutions / Firmware XGS4600-52F Hardware solutions / Firmware XMG1930-30 Hardware solutions / Firmware XMG1930-30HP Hardware solutions / Firmware XS3800-28 Hardware solutions / Firmware MGS3500-24S Hardware solutions / Firmware MGS3520-28 Hardware solutions / Firmware MGS3520-28F Hardware solutions / Firmware MGS3530-28 Hardware solutions / Firmware |
| Vendor | ZyXEL Communications Corp. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper Check for Unusual or Exceptional Conditions
EUVDB-ID: #VU71424
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-43393
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling in the HTTP request processing function. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGS1350-6HP: 4.70(ABPI.4)C0
GS1350-12HP: 4.70(ABPJ.4)C0
GS1350-18HP: 4.70(ABPK.4)C0
GS1350-26HP: 4.70(ABPL.4)C0
GS1915-8: 4.70(ACAP.2)C0
GS1915-8EP: 4.70(ACAQ.2)C0
GS1915-24E: 4.70(ACDR.2)C0
GS1915-24EP: 4.70(ACDS.2)C0
GS1920-24v2: 4.70(ABMH.7)C0
GS1920-48v2: 4.70(ABMJ.7)C0
GS1920-24HPv2: 4.70(ABMI.7)C0
GS1920-48HPv2: 4.70(ABMK.7)C0
GS2220-10: 4.70(ABRO.5)C0
GS2220-28: 4.70(ABRQ.5)C0
GS2220-50: 4.70(ABRS.5)C0
GS2220-10HP: 4.70(ABRP.5)C0
GS2220-28HP: 4.70(ABRR.5)C0
GS2220-50HP: 4.70(ABRT.5)C0
XGS1930-28: 4.70(ABHT.3)C0
XGS1930-28HP: 4.70(ABHS.3)C0
XGS1930-52: 4.70(ABHU.3)C0
XGS1930-52HP: 4.70(ABHV.3)C0
XS1930-10: 4.70(ABQE.5)C0
XS1930-12HP: 4.70(ABQF.5)C0
XS1930-12F: 4.70(ABZV.5)C0
XGS2210-28: 4.70(AAZJ.1)C0
XGS2210-52: 4.70(AAZK.1)C0
XGS2210-28HP: 4.70(AAZL.1)C0
XGS2210-52HP: 4.70(AAZM.1)C0
XGS2220-30: 4.80(ABXN.0)C0
XGS2220-30HP: 4.80(ABXO.0)C0
XGS2220-30F: 4.80(ABYE.0)C0
XGS2220-54: 4.80(ABXP.0)C0
XGS2220-54HP: 4.80(ABXQ.0)C0
XGS2220-54FP: 4.80(ACCE.0)C0
XGS4600-32: 4.70(ABBH.3)C0
XGS4600-32F: 4.70(ABBI.3)C0
XGS4600-52F: 4.70(ABIK.3)C0
XMG1930-30: 4.70(ACAR.0)
XMG1930-30HP: 4.70(ACAS.0)
XS3800-28: 4.80(ABML.0)C0
MGS3500-24S: 4.10(ABBR.1)C0
MGS3520-28: 4.10(ABQM.1)C0 - 4.10(AATN.4)C0
MGS3520-28F: 4.10(AATM.3)C0
MGS3530-28: 4.10(ACFJ.0)C0 - 4.10(ACEM.1)C0
CPE2.3- cpe:2.3:h:zyxel_communications_corp:gs1350-6hp:4.70(ABPI.4)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1350-12hp:4.70(ABPJ.4)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1350-18hp:4.70(ABPK.4)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1350-26hp:4.70(ABPL.4)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1915-8:4.70(ACAP.2)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1915-8ep:4.70(ACAQ.2)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1915-24e:4.70(ACDR.2)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1915-24ep:4.70(ACDS.2)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1920-24v2:4.70(ABMH.7)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1920-48v2:4.70(ABMJ.7)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1920-24hpv2:4.70(ABMI.7)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs1920-48hpv2:4.70(ABMK.7)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs2220-10:4.70(ABRO.5)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs2220-28:4.70(ABRQ.5)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs2220-50:4.70(ABRS.5)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs2220-10hp:4.70(ABRP.5)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs2220-28hp:4.70(ABRR.5)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:gs2220-50hp:4.70(ABRT.5)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs1930-28:4.70(ABHT.3)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs1930-28hp:4.70(ABHS.3)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs1930-52:4.70(ABHU.3)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs1930-52hp:4.70(ABHV.3)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xs1930-10:4.70(ABQE.5)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xs1930-12hp:4.70(ABQF.5)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xs1930-12f:4.70(ABZV.5)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2210-28:4.70(AAZJ.1)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2210-52:4.70(AAZK.1)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2210-28hp:4.70(AAZL.1)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2210-52hp:4.70(AAZM.1)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2220-30:4.80(ABXN.0)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2220-30hp:4.80(ABXO.0)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2220-30f:4.80(ABYE.0)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2220-54:4.80(ABXP.0)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2220-54hp:4.80(ABXQ.0)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs2220-54fp:4.80(ACCE.0)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs4600-32:4.70(ABBH.3)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs4600-32f:4.70(ABBI.3)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xgs4600-52f:4.70(ABIK.3)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xmg1930-30:4.70(ACAR.0):*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xmg1930-30hp:4.70(ACAS.0):*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:xs3800-28:4.80(ABML.0)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:mgs3500-24s:4.10(ABBR.1)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:mgs3520-28:4.10(ABQM.1)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:mgs3520-28f:4.10(AATM.3)C0:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel_communications_corp:mgs3530-28:4.10(ACFJ.0)C0:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
