CVE-2023-28770 — Sensitive Information Exposure in Zyxel Dx5401-b0 Firmware

CWE-200 — Sensitive Information Exposure CWE-203 — Observable Discrepancy4 documents4 sources

Severity

7.5HIGHNVD

EPSS

83.7%

top 0.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Dx5401-b0 Firmware

Timeline

PublishedApr 27

Latest updateJul 6

Description

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5zyxel/dx5401-b0_firmware< V5.17(ABYO.1)C0

▶NVDzyxel/dx5401-b0_firmware< 5.17\(abyo.1\)c0

🔴Vulnerability Details

GHSA

GHSA-jwcx-m84w-h98g: The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5↗2023-07-06

▶

CVEList

CVE-2023-28770: The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5↗2023-04-27

▶

VulnCheck

Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 Remote Information Disclosure↗2023

▶