CVE-2023-35137 HIGH

CVE-2023-35137

Vendor Zyxel
Product NAS326 firmware
Weakness CWE-287 · Improper authentication
Published November 30, 2023
Last update August 2, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.

Key dates

02Disclosure timeline

November 30, 2023 CVE published
August 2, 2024 Record updated