NBG6604
by Zyxel
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-33013 | 0.00 | — | 0.01 | Aug 14, 2023 | A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | |||
| CVE-2023-22919 | 0.00 | — | 0.02 | May 1, 2023 | The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | |||
| CVE-2021-35035 | 0.00 | — | 0.01 | Dec 29, 2021 | A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. | |||
| CVE-2021-35034 | 0.00 | — | 0.01 | Dec 29, 2021 | An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. |
- CVE-2023-33013Aug 14, 2023risk 0.00cvss —epss 0.01
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.
- CVE-2023-22919May 1, 2023risk 0.00cvss —epss 0.02
The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.
- CVE-2021-35035Dec 29, 2021risk 0.00cvss —epss 0.01
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
- CVE-2021-35034Dec 29, 2021risk 0.00cvss —epss 0.01
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.