The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.
Published 2023-04-27 09:15:10
Updated 2023-05-10 18:15:09
View at NVD,   CVE.org
Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2023-28770

5.30%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2023-28770

  • Zyxel chained RCE using LFI and weak password derivation algorithm
    Disclosure Date: 2022-02-01
    First seen: 2023-09-11
    exploit/linux/http/zyxel_lfi_unauth_ssh_rce
    This module exploits multiple vulnerabilities in the `zhttpd` binary (/bin/zhttpd) and `zcmd` binary (/bin/zcmd). It is present on more than 40 Zyxel routers and CPE devices. The remote code execution vulnerability can be exploited by chaining the local file disclosure

CVSS scores for CVE-2023-28770

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.9
3.6
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.9
3.6
Zyxel Corporation

CWE ids for CVE-2023-28770

References for CVE-2023-28770

Products affected by CVE-2023-28770

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!