7.5

CVE-2023-35137

EPSS 0.12%
Published 30.11.2023 02:15:42
Last modified 21.11.2024 08:08:00
Source security@zyxel.com.tw
Teams watchlist Login
Open Login

An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zyxel ≫ Nas326 Firmware Version <= 5.21\(aazf.14\)c0

Zyxel ≫ Nas326 Version-

Zyxel ≫ Nas542 Firmware Version <= 5.21\(abag.11\)c0

Zyxel ≫ Nas542 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.33

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security@zyxel.com.tw	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-35137

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-35137

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-35137

EUVD