Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices


Jun 20, 2023 | Ravie Lakshmanan | Vulnerability / Data Security


Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could result in the execution of arbitrary commands on affected systems.

Tracked as CVE-2023-27992 (CVSS score: 9.8), the issue has been described as a pre-authentication command injection vulnerability.

“The pre-authentication command injection vulnerability in some Zyxel NAS units might enable an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request,” Zyxel said in an advisory published today.

Andrej Zaujec, NCSC-FI, and Maxim Suslov have been credited with discovering and reporting the flaw. The following versions are impacted by CVE-2023-27992:

  • NAS326 (V5.21(AAZF.13)C0 and earlier, patched in V5.21(AAZF.14)C0),
  • NAS540 (V5.21(AATB.10)C0 and earlier, patched in V5.21(AATB.11)C0), and
  • NAS542 (V5.21(ABAG.10)C0 and earlier, patched in V5.21(ABAG.11)C0)

The alert comes two weeks after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two flaws in Zyxel firewalls (CVE-2023-33009 and CVE-2023-33010) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

With Zyxel devices becoming an attack magnet for threat actors, it is imperative that customers apply the fixes as soon as possible to prevent potential risks.
