Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices

Technology

Jun 20, 2023Ravie LakshmananVulnerability / Data Security

Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could result in the execution of arbitrary commands on affected systems.

Tracked as CVE-2023-27992 (CVSS score: 9.8), the issue has been described as a pre-authentication command injection vulnerability.

“The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request,” Zyxel said in an advisory published today.

Cybersecurity

Andrej Zaujec, NCSC-FI, and Maxim Suslov have been credited with discovering and reporting the flaw. The following versions are impacted by CVE-2023-27992 –

  • NAS326 (V5.21(AAZF.13)C0 and earlier, patched in V5.21(AAZF.14)C0),
  • NAS540 (V5.21(AATB.10)C0 and earlier, patched in V5.21(AATB.11)C0), and
  • NAS542 (V5.21(ABAG.10)C0 and earlier, patched in V5.21(ABAG.11)C0)

The alert comes two weeks after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two flaws in Zyxel firewalls (CVE-2023-33009 and CVE-2023-33010) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

With Zyxel devices becoming an attack magnet for threat actors, it’s imperative that customers apply the fixes as soon as possible to prevent potential risks.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Lucien Laviscount Stars In New Audio Erotica Series
Hawkeye Looks Unstoppable in Epic Marvel Rivals Trailer Reveal
Can Starbucks fix long lines at its airport cafes?
Trump’s controversial nominees test his sway with Senate Republicans – NBC Los Angeles
AirPods Max Will Not See Any ‘Meaningful’ Upgrades Due to Low Sales, Says Mark Gurman