Lucene search

ZyxelCVELIST:CVE-2023-28769

HistoryApr 27, 2023 - 12:00 a.m.

CVE-2023-28769

2023-04-2700:00:00

CWE-120

Zyxel

www.cve.org

buffer overflow

web server

remote code execution

dos

zyxel dx5401-b0

firmware vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.163 Low

EPSS

Percentile

96.0%

JSON

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "DX5401-B0 firmware",
    "versions": [
      {
        "version": "< V5.17(ABYO.1)C0",
        "status": "affected"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.163 Low

EPSS

Percentile

96.0%

JSON

Related for CVELIST:CVE-2023-28769