PT-2022-6629 · Zyxel · Zyxel Dx5401-B0
Published 2022-02-15 · Updated 2025-01-31 · CVE-2023-28770
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ZyXEL DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0
Description
The issue is related to insufficient protection of service data in the CGI "Export Log" component of the ZyXEL DX5401-B0 firmware. This could allow a remote unauthenticated attacker to read system files and retrieve the supervisor's password from an encrypted file. The attacker can exploit this issue to gain unauthorized access to protected information.
Recommendations
For ZyXEL DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0, update to version V5.17(ABYO.1)C0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Export Log" CGI component and the "zcmd" binary to minimize the risk of exploitation. Avoid using the affected firmware until the issue is resolved.
Exploit
Fix
Information Disclosure
Side Channel Attack
Related Identifiers
Affected Products
Zyxel Dx5401-B0