CVE-2023-33013

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 14, 2023

Updated: Aug 22, 2023

CWE ID 78

Summary

CVE-2023-33013 is a post-authentication command injection vulnerability affecting the Network Time Protocol (NTP) feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0. Successful exploitation of this issue allows authenticated attackers to execute operating system commands remotely by sending specially crafted HTTP requests. This vulnerability poses a significant risk to network security and should be addressed by applying the latest security patches. Users are advised to update their firmware as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ZyXEL

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sV6RmW
https://www.cve.org/CVERecord?id=CVE-2023-33013
https://nvd.nist.gov/vuln/detail/CVE-2023-33013

Back to Vulnerability Database

CVE-2023-33013

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations