CVE-2023-33013

Name of the Vulnerable Software and Affected Versions Zyxel NBG6604 firmware version V1.01(ABIR.1)C0

Description A post-authentication command injection vulnerability in the NTP feature could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.

Recommendations For Zyxel NBG6604 firmware version V1.01(ABIR.1)C0, consider disabling the NTP feature until a patch is available to prevent potential command injection attacks. Restrict access to the NTP module to minimize the risk of exploitation. Avoid using the NTP feature in the affected firmware version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.