Cyber Resilience

CVE-2023-28769

Critical

Published: 27 April 2023

Published
27 April 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.7219 98.8th percentile
Risk Priority 63 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-28769 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Zyxel Dx5401-B0 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 1.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability is a buffer overflow (CWE-120) in the libclinkc.so library used by the zhttpd web server component of Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0. With a CVSS 3.1 score of 9.8, the flaw resides in network-facing code that processes unauthenticated requests.

A remote attacker with no credentials or user interaction can send crafted input over the network to trigger the overflow, resulting in arbitrary OS command execution or denial-of-service conditions on the affected device.

Zyxel’s security advisory directs customers to upgrade to firmware V5.17(ABYO.1)C0 or later; the associated EPSS score has remained elevated, currently at 0.7219 with a recorded peak of 0.7417.

EU & UK References

Vulnerability details

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a…

more

vulnerable device.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

zyxel
dx5401-b0 firmware
≤ 5.17\(abyo.1\)c0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

References