CVSS: 10.0EPSS: 17%CPEs: 2EXPL: 0CVE-2023-28769
https://notcve.org/view.php?id=CVE-2023-28769
27 Apr 2023 — The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 6%CPEs: 2EXPL: 1CVE-2023-28770 – Zyxel Chained Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-28770
27 Apr 2023 — The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. • https://packetstorm.news/files/id/172277 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 6.0EPSS: 0%CPEs: 66EXPL: 0CVE-2022-26414
https://notcve.org/view.php?id=CVE-2022-26414
11 Apr 2022 — A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service. Se ha identificado una potencial vulnerabilidad de desbordamiento de búfer en algunas funciones internas del firmware de Zyxel VMG3312-T20A versión 5.30(ABFX.5)C0, que podría ser aprovechada por un atacante local autenticado para causar una denegación de servicio • https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.0EPSS: 0%CPEs: 66EXPL: 0CVE-2022-26413
https://notcve.org/view.php?id=CVE-2022-26413
11 Apr 2022 — A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. Una vulnerabilidad de inyección de comandos en el programa CGI del firmware de Zyxel VMG3312-T20A versión 5.30(ABFX.5)C0, podría permitir a un atacante local autenticado ejecutar comandos arbitrarios del Sistema Operativo en un dispositivo vulnerable por medio de una interfaz LAN • https://www.zyxel.com/support/OS-command-injection-and-buffer-overflow-vulnerabilities-of-CPE-and-ONTs.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 66EXPL: 0CVE-2021-35036
https://notcve.org/view.php?id=CVE-2021-35036
01 Mar 2022 — A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. Una vulnerabilidad de almacenamiento de información en texto claro en la versión V5.50(ABTL.0)b2k del firmware de Zyxel VMG3625-T50B podría permitir a un atacante autenticado obtener información sensible del archivo de configuración • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability • CWE-312: Cleartext Storage of Sensitive Information •