CVE-2023-28770

2023-04-2700:00:00

CWE-200

Zyxel

www.cve.org

sensitive information exposure

cgi export_log

zyxel dx5401-b0

remote unauthenticated attacker

password retrieval

encrypted file

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.045 Low

EPSS

Percentile

92.5%

JSON

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "DX5401-B0 firmware",
    "versions": [
      {
        "version": "< V5.17(ABYO.1)C0",
        "status": "affected"
      }
    ]
  }
]