CVE-2023-22919

Name of the Vulnerable Software and Affected Versions Zyxel NBG6604 version V1.01(ABIR.0)C0

Description The issue is related to a post-authentication command injection vulnerability. This could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. The vulnerability is also associated with a buffer overflow due to a lack of input size validation, which could lead to a denial of service.

Recommendations For Zyxel NBG6604 version V1.01(ABIR.0)C0, consider restricting access to the device until a patch is available, and avoid using the vulnerable firmware version to minimize the risk of exploitation. As a temporary workaround, consider disabling remote access to the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.