CVE-2023-22919: OS Command Injection
First published: Mon May 01 2023(Updated: )
The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel NBG6604 firmware | =1.01\(abir.0\)c0 | |
| Zyxel NBG6604 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-22919?
CVE-2023-22919 is a post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0.
What is the severity of CVE-2023-22919?
The severity of CVE-2023-22919 is high with a CVSS score of 8.8.
How does CVE-2023-22919 impact the Zyxel NBG6604 router?
CVE-2023-22919 allows an authenticated attacker to execute OS commands remotely on the Zyxel NBG6604 router.
How can I fix CVE-2023-22919?
To fix CVE-2023-22919, update the Zyxel NBG6604 firmware to version V1.01(ABIR.0)C0 or a later version.
Where can I find more information about CVE-2023-22919?
You can find more information about CVE-2023-22919 in the [Zyxel Security Advisory](https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nbg6604-home-router).
- collector/nvd-latest
- collector/nvd-index
- vendor/zyxel
- canonical/zyxel nbg6604 firmware
- version/zyxel nbg6604 firmware/1.01\(abir.0\)c0
- canonical/zyxel nbg6604