admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-44xx/CVE-2023-4474.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

138 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-4474",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-30T02:15:43.553",
"lastModified": "2024-11-21T08:35:14.640",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales en el servidor WSGI del firmware Zyxel NAS326 versi\u00f3n V5.21(AAZF.14)C0 y NAS542 versi\u00f3n V5.21(ABAG.11)C0 podr\u00eda permitir que un atacante no autenticado ejecute alg\u00fan sistema operativo (OS ) comandos enviando una URL manipulada a un dispositivo vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.21\\(aazf.14\\)c0",
"matchCriteriaId": "897157F4-9F3E-4F03-91DF-6223C1BAA451"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.21\\(abag.11\\)c0",
"matchCriteriaId": "0A0D05F3-0FBD-43D0-8041-2AAF822B83C5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277"
}
]
}
]
}
],
"references": [
{
"url": "https://bugprove.com/knowledge-hub/cve-2023-4473-and-cve-2023-4474-authentication-bypass-and-multiple-blind-os-command-injection-vulnerabilities-in-zyxel-s-nas-326-devices/",
"source": "security@zyxel.com.tw"
},
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products",
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://bugprove.com/knowledge-hub/cve-2023-4473-and-cve-2023-4474-authentication-bypass-and-multiple-blind-os-command-injection-vulnerabilities-in-zyxel-s-nas-326-devices/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink