CVE-2023-28770 HIGH

Vendor Zyxel
Product DX5401-B0 firmware
Weakness CWE-200 · Info exposure
Published April 27, 2023
Last update January 31, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.

Key dates

02 Disclosure timeline

April 27, 2023 CVE published
January 31, 2025 Record updated