#VU70458 Improper Authorization in NBG7510 - CVE-2022-38546

 


Published: December 21, 2022


Vulnerability identifier: #VU70458
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-38546
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: NBG7510
Software vendor: ZyXEL Communications Corp.

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a DNS misconfiguration. When the device is switched to AP mode, it acts as an open DNS resolver, which a remote unauthenticated attacker can use to perform DNS-related attacks such as DNS tunneling or DNS amplification.

Remediation

Install updates from the vendor's website.
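
One way to confirm that a device you administer no longer answers recursive DNS queries in AP mode, shown as an added example (not code from this advisory or from the vendor). The function names, the fixed transaction ID and the sample replies are assumptions constructed for illustration; `probe()` is meant to be run from a network position that should not be served by the device.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction ID, adequate for a one-shot manual check

def build_query(name, qtype=1):
    """Build a DNS query for `name` (default type A) with the RD bit set."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS = IN

def classify_response(data):
    """Classify a reply by its header: RA flag and RCODE."""
    if len(data) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != TXID or not flags & 0x8000:   # wrong ID, or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                          # REFUSED
        return "refused"
    if not flags & 0x0080:                  # RA clear: recursion not offered
        return "no-recursion"
    # RA set: NOERROR/NXDOMAIN means the server resolved on our behalf
    return "open-resolver" if rcode in (0, 3) else "inconclusive"

def probe(host, name="example.com", port=53, timeout=3.0):
    """Send one recursive query to `host` over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(build_query(name))
            return classify_response(s.recv(4096))
        except OSError:                     # timeout, ICMP unreachable, etc.
            return "no-answer"

def sample_reply(flags, with_answer=False):
    """Constructed reply for offline checks (not captured traffic)."""
    body = build_query("example.com")[12:]
    if with_answer:  # A record, pointer to the question name, 192.0.2.1
        body += struct.pack("!HHHIH4s", 0xC00C, 1, 1, 60, 4, bytes([192, 0, 2, 1]))
    return struct.pack("!HHHHHH", TXID, flags, 1, int(with_answer), 0, 0) + body

if __name__ == "__main__":
    for flags, ans in ((0x8180, True), (0x8105, False), (0x8500, False)):
        print(hex(flags), classify_response(sample_reply(flags, ans)))
```

A result of `open-resolver` from `probe()` after updating means the device still resolves names for that client; `refused`, `no-recursion` or `no-answer` is the expected outcome.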
