4 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. Una vulnerabilidad de inyección de comando posterior a la autenticación en la función NTP de la versión V1.01(ABIR.1)C0 del firmware Zyxel NBG6604 podría permitir a un atacante autenticado ejecutar algunos comandos del sistema operativo de forma remota mediante el envío de una solicitud HTTP diseñada. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-in-ntp-feature-of-nbg6604-home-router • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nbg6604-home-router • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. Una vulnerabilidad de almacenamiento de texto sin cifrar de información confidencial en el firmware de Zyxel NBG6604 podría permitir a un atacante remoto y autenticado obtener información confidencial del archivo de configuración • https://www.zyxel.com/support/Zyxel_security_advisory_for_sensitive_information_vulnerabilities_of_NBG6604_home_router.shtml • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. Una vulnerabilidad de caducidad de sesión insuficiente en el programa CGI del firmware Zyxel NBG6604 podría permitir a un atacante remoto acceder al dispositivo si es posible interceptar el token correcto • https://www.zyxel.com/support/Zyxel_security_advisory_for_sensitive_information_vulnerabilities_of_NBG6604_home_router.shtml • CWE-613: Insufficient Session Expiration •