Buffer Overflow Vulnerability in Zyxel DX5401-B0 Web Server
CVE-2023-28769

9.8CRITICAL

Key Information:

Vendor: Zyxel
Status: Dx5401-b0 Firmware
Vendor: CVE Published:; 27 April 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 73%

Summary

A buffer overflow vulnerability in the 'libclinkc.so' library of the Zyxel DX5401-B0 web server allows remote unauthenticated attackers to execute OS commands, potentially compromising device integrity. Additionally, this vulnerability can be exploited to create denial-of-service conditions, affecting the performance and availability of the device. Users are advised to update to the latest firmware version to mitigate these risks.

Affected Version(s)

DX5401-B0 firmware < V5.17(ABYO.1)C0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2023-28769
Created by Rapid7

References

https://www.zyxel.com/global/en/support/security-advisori...

EPSS Score

73% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2023
Vulnerability Reserved
Mar 23, 2023
🟡
Public PoC available
Dec 15, 2022
👾
Exploit known to exist
Dec 15, 2022