Zyxel Nbg6604 Firmware vulnerabilities

CVE-2023-33013 [HIGH] CWE-78 CVE-2023-33013: A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware v A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.

CVE-2023-22919 [HIGH] CWE-78 CVE-2023-22919: The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01( The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.

CVE-2021-35034 [HIGH] CWE-613 CVE-2021-35034: An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware co An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.

CVE-2021-35035 [MEDIUM] CWE-312 CVE-2021-35035: A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.