CVE-2022-45854 - OpenCVE

An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zyxel	Nwa110ax Nwa110ax Firmware Nwa210ax Nwa210ax Firmware Wax510d Wax510d Firmware Wax610d Wax610d Firmware Wax630s Wax630s Firmware Wax650s Wax650s Firmware

Configuration 1 [-]

AND

cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-aps

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zyxel

Published: 2023-02-07T00:00:00

Updated: 2024-08-03T14:24:03.048Z

Reserved: 2022-11-23T00:00:00

Link: CVE-2022-45854

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-07T02:15:08.040

Modified: 2023-12-29T07:15:10.010

Link: CVE-2022-45854

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45854", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "dateUpdated": "2024-08-03T14:24:03.048Z", "dateReserved": "2022-11-23T00:00:00", "datePublished": "2023-02-07T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NWA110AX firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "< 6.50(ABTG.0)C0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker.</p>"}], "value": "An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2023-12-29T06:42:53.286Z"}, "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-aps"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:03.048Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-aps", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C1EE7F4-380B-451D-9B93-C93779C8340E", "versionEndIncluding": "6.45\\(abtg.0\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745DA605-AB65-48A3-B6D9-F36A6822B0A9", "versionEndIncluding": "6.45\\(abtd.0\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "12B28C41-2BCA-49D3-8F64-FAA85E139F61", "versionEndIncluding": "6.45\\(abtf.0\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*", "matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "43275ACF-7415-4637-8B01-113E78C429AF", "versionEndIncluding": "6.45\\(abte.0\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2F57D71-C95B-448A-8741-56CA6456508A", "versionEndIncluding": "6.45\\(abzd.0\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "03F7731E-FAB0-4DC4-8009-C7936B623C85", "versionEndIncluding": "6.45\\(abrm.0\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker.\n\n"}], "id": "CVE-2022-45854", "lastModified": "2023-12-29T07:15:10.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@zyxel.com.tw", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2023-02-07T02:15:08.040", "references": [{"source": "security@zyxel.com.tw", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-aps"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}