CVE-2023-35137
CVSS V2 None
CVSS V3 None
Description
An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.
Overview
- CVE ID
- CVE-2023-35137
- Assigner
- Zyxel
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-11-30T01:25:52.494Z
- Last Modified Date
- 2023-11-30T01:25:52.494Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-35137 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35137 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 19:41:31 | Added to TrackCVE |