Xianjun Chen

**Name of the Vulnerable Software and Affected Versions** Zyxel NBG6604 version V1.01(ABIR.0)C0 **Description** The issue is related to a post-authentication command injection vulnerability. This could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. The vulnerability is also associated with a buffer overflow due to a lack of input size validation, which could lead to a denial of service. **Recommendations** For Zyxel NBG6604 version V1.01(ABIR.0)C0, consider restricting access to the device until a patch is available, and avoid using the vulnerable firmware version to minimize the risk of exploitation. As a temporary workaround, consider disabling remote access to the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.