Vulnerability Details CVE-2023-28770
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.791
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 7.5
References
- http://packetstormsecurity.com/files/172277/Zyxel-Chained-Remote-Code-Execution.html
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities
- http://packetstormsecurity.com/files/172277/Zyxel-Chained-Remote-Code-Execution.html
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities
- https://packetstorm.news/files/id/172277
Products affected by CVE-2023-28770
-
cpe:2.3:h:zyxel:dx5401-b0:-
-
cpe:2.3:o:zyxel:dx5401-b0_firmware:-