Vulnerability Details CVE-2023-33013
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.6%
CVSS Severity
CVSS v3 Score 8.8
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-in-ntp-feature-of-nbg6604-home-router
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-in-ntp-feature-of-nbg6604-home-router
Products affected by CVE-2023-33013
-
cpe:2.3:h:zyxel:nbg6604:-
-
cpe:2.3:o:zyxel:nbg6604_firmware:1.01(abir.1)c0