← back
CVE-2023-35137

CVE-2023-35137

CVSS 7.5 HIGHEPSS 0.9%CWE-287
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
30 Nov 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Zyxel · NAS326 firmwareZyxel · NAS542 firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products