A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.
References
Configurations
Configuration 1 (hide)
AND |
|
History
22 Aug 2023, 15:56
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
CPE | cpe:2.3:h:zyxel:nbg6604:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:nbg6604_firmware:1.01\(abir.1\)c0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-in-ntp-feature-of-nbg6604-home-routerĀ - Patch, Vendor Advisory |
14 Aug 2023, 17:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 17:15
Updated : 2024-02-05 00:01
NVD link : CVE-2023-33013
Mitre link : CVE-2023-33013
CVE.ORG link : CVE-2023-33013
JSON object : View
Products Affected
zyxel
- nbg6604
- nbg6604_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')