CVE-2023-28770

HIGH EXPLOITED

Zyxel DX5401-B0 <V5.17(ABYO.1)C0 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2023-28770 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit, the Metasploit module exploits/linux/http/zyxel_lfi_unauth_ssh_rce.

AI-analyzed exploit summary: This Metasploit module exploits a chained vulnerability in Zyxel routers, combining an unauthenticated LFI to disclose configuration and a weak password derivation algorithm to gain RCE via SSH as the 'supervisor' user.

Description

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.

Exploits (1)

metasploit · WORKING POC · EXCELLENT
ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb


Classification
Working Poc 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Zyxel routers and CPE devices (multiple models)
No auth needed
Prerequisites: Network access to the target device · SSH service enabled on the target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.5778
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2023-11-28
CWE
CWE-200 CWE-203
Status published
Products (1)
zyxel/dx5401-b0_firmware < 5.17(abyo.1)c0
Published Apr 27, 2023
Tracked Since Feb 18, 2026