CVE-2023-28770: Infoleak
First published: Thu Apr 27 2023(Updated: )
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel DX5401-B0 firmware | <5.17\(abyo.1\)c0 | |
| Zyxel DX5401-B0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-28770.
What is the title of the vulnerability?
The title of the vulnerability is 'The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zy…'.
What is the severity of CVE-2023-28770?
The severity of CVE-2023-28770 is high with a severity value of 7.5.
What is the affected software?
The affected software is Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0.
How can an attacker exploit this vulnerability?
A remote unauthenticated attacker can exploit this vulnerability to read system files and retrieve the password of the supervisor from the encrypted file.
- collector/nvd-index
- vendor/zyxel
- canonical/zyxel dx5401-b0 firmware
- canonical/zyxel dx5401-b0