Buffer Overflow Vulnerability in Zyxel DX5401-B0 Web Server
CVE-2023-28769

9.8CRITICAL

Key Information:

Vendor: Zyxel
Status: Dx5401-b0 Firmware
Vendor: CVE Published:; 27 April 2023

Summary

A buffer overflow vulnerability in the 'libclinkc.so' library of the Zyxel DX5401-B0 web server allows remote unauthenticated attackers to execute OS commands, potentially compromising device integrity. Additionally, this vulnerability can be exploited to create denial-of-service conditions, affecting the performance and availability of the device. Users are advised to update to the latest firmware version to mitigate these risks.

Affected Version(s)

DX5401-B0 firmware < V5.17(ABYO.1)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2023
Vulnerability Reserved
Mar 23, 2023