CVE-2023-28770

2023-04-2709:15:09

CWE-200

[email protected]

web.nvd.nist.gov

145

information security

vulnerability

zyxel

dx5401-b0

cve-2023-28770

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.057 Low

EPSS

Percentile

93.4%

JSON

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.

Affected configurations

NVD

Node

zyxeldx5401-b0Match-

AND

zyxeldx5401-b0_firmwareRange<5.17\(abyo.1\)c0

CPENameOperatorVersion
zyxel:dx5401-b0_firmwarezyxel dx5401-b0 firmwarelt5.17\(abyo.1\)c0

CPE	Name	Operator	Version
zyxel:dx5401-b0_firmware	zyxel dx5401-b0 firmware	lt	5.17\(abyo.1\)c0

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "DX5401-B0 firmware",
    "versions": [
      {
        "version": "< V5.17(ABYO.1)C0",
        "status": "affected"
      }
    ]
  }
]