CVE-2023-28769

2023-04-2709:15:09

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-28769

buffer overflow

zyxel

dx5401-b0

firmware

web server

vulnerability

nvd

dos

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.163 Low

EPSS

Percentile

96.0%

JSON

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

Affected configurations

NVD

Node

zyxeldx5401-b0Match-

AND

zyxeldx5401-b0_firmwareRange<5.17\(abyo.1\)c0

CPENameOperatorVersion
zyxel:dx5401-b0_firmwarezyxel dx5401-b0 firmwarelt5.17\(abyo.1\)c0

CPE	Name	Operator	Version
zyxel:dx5401-b0_firmware	zyxel dx5401-b0 firmware	lt	5.17\(abyo.1\)c0

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "DX5401-B0 firmware",
    "versions": [
      {
        "version": "< V5.17(ABYO.1)C0",
        "status": "affected"
      }
    ]
  }
]