Denial of service in Zyxel switches



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-43393
CWE-ID CWE-754
Exploitation vector Network
Public exploit N/A
Vulnerable software
GS1350-6HP
Hardware solutions / Firmware

GS1350-12HP
Hardware solutions / Firmware

GS1350-18HP
Hardware solutions / Firmware

GS1350-26HP
Hardware solutions / Firmware

GS1915-8
Hardware solutions / Firmware

GS1915-8EP
Hardware solutions / Firmware

GS1915-24E
Hardware solutions / Firmware

GS1915-24EP
Hardware solutions / Firmware

GS1920-24v2
Hardware solutions / Firmware

GS1920-48v2
Hardware solutions / Firmware

GS1920-24HPv2
Hardware solutions / Firmware

GS1920-48HPv2
Hardware solutions / Firmware

GS2220-10
Hardware solutions / Firmware

GS2220-28
Hardware solutions / Firmware

GS2220-50
Hardware solutions / Firmware

GS2220-10HP
Hardware solutions / Firmware

GS2220-28HP
Hardware solutions / Firmware

GS2220-50HP
Hardware solutions / Firmware

XGS1930-28
Hardware solutions / Firmware

XGS1930-28HP
Hardware solutions / Firmware

XGS1930-52
Hardware solutions / Firmware

XGS1930-52HP
Hardware solutions / Firmware

XS1930-10
Hardware solutions / Firmware

XS1930-12HP
Hardware solutions / Firmware

XS1930-12F
Hardware solutions / Firmware

XGS2210-28
Hardware solutions / Firmware

XGS2210-52
Hardware solutions / Firmware

XGS2210-28HP
Hardware solutions / Firmware

XGS2210-52HP
Hardware solutions / Firmware

XGS2220-30
Hardware solutions / Firmware

XGS2220-30HP
Hardware solutions / Firmware

XGS2220-30F
Hardware solutions / Firmware

XGS2220-54
Hardware solutions / Firmware

XGS2220-54HP
Hardware solutions / Firmware

XGS2220-54FP
Hardware solutions / Firmware

XGS4600-32
Hardware solutions / Firmware

XGS4600-32F
Hardware solutions / Firmware

XGS4600-52F
Hardware solutions / Firmware

XMG1930-30
Hardware solutions / Firmware

XMG1930-30HP
Hardware solutions / Firmware

XS3800-28
Hardware solutions / Firmware

MGS3500-24S
Hardware solutions / Firmware

MGS3520-28
Hardware solutions / Firmware

MGS3520-28F
Hardware solutions / Firmware

MGS3530-28
Hardware solutions / Firmware

Vendor ZyXEL Communications Corp.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU71424

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43393

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling in the HTTP request processing function. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GS1350-6HP: 4.70(ABPI.4)C0

GS1350-12HP: 4.70(ABPJ.4)C0

GS1350-18HP: 4.70(ABPK.4)C0

GS1350-26HP: 4.70(ABPL.4)C0

GS1915-8: 4.70(ACAP.2)C0

GS1915-8EP: 4.70(ACAQ.2)C0

GS1915-24E: 4.70(ACDR.2)C0

GS1915-24EP: 4.70(ACDS.2)C0

GS1920-24v2: 4.70(ABMH.7)C0

GS1920-48v2: 4.70(ABMJ.7)C0

GS1920-24HPv2: 4.70(ABMI.7)C0

GS1920-48HPv2: 4.70(ABMK.7)C0

GS2220-10: 4.70(ABRO.5)C0

GS2220-28: 4.70(ABRQ.5)C0

GS2220-50: 4.70(ABRS.5)C0

GS2220-10HP: 4.70(ABRP.5)C0

GS2220-28HP: 4.70(ABRR.5)C0

GS2220-50HP: 4.70(ABRT.5)C0

XGS1930-28: 4.70(ABHT.3)C0

XGS1930-28HP: 4.70(ABHS.3)C0

XGS1930-52: 4.70(ABHU.3)C0

XGS1930-52HP: 4.70(ABHV.3)C0

XS1930-10: 4.70(ABQE.5)C0

XS1930-12HP: 4.70(ABQF.5)C0

XS1930-12F: 4.70(ABZV.5)C0

XGS2210-28: 4.70(AAZJ.1)C0

XGS2210-52: 4.70(AAZK.1)C0

XGS2210-28HP: 4.70(AAZL.1)C0

XGS2210-52HP: 4.70(AAZM.1)C0

XGS2220-30: 4.80(ABXN.0)C0

XGS2220-30HP: 4.80(ABXO.0)C0

XGS2220-30F: 4.80(ABYE.0)C0

XGS2220-54: 4.80(ABXP.0)C0

XGS2220-54HP: 4.80(ABXQ.0)C0

XGS2220-54FP: 4.80(ACCE.0)C0

XGS4600-32: 4.70(ABBH.3)C0

XGS4600-32F: 4.70(ABBI.3)C0

XGS4600-52F: 4.70(ABIK.3)C0

XMG1930-30: 4.70(ACAR.0)

XMG1930-30HP: 4.70(ACAS.0)

XS3800-28: 4.80(ABML.0)C0

MGS3500-24S: 4.10(ABBR.1)C0

MGS3520-28: 4.10(ABQM.1)C0 - 4.10(AATN.4)C0

MGS3520-28F: 4.10(AATM.3)C0

MGS3530-28: 4.10(ACFJ.0)C0 - 4.10(ACEM.1)C0

CPE2.3 External links

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-switches


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###