Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices

Cyber Security

Products You May Like

Jun 20, 2023Ravie LakshmananVulnerability / Data Security

Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could result in the execution of arbitrary commands on affected systems.

Tracked as CVE-2023-27992 (CVSS score: 9.8), the issue has been described as a pre-authentication command injection vulnerability.

“The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request,” Zyxel said in an advisory published today.

Cybersecurity

Andrej Zaujec, NCSC-FI, and Maxim Suslov have been credited with discovering and reporting the flaw. The following versions are impacted by CVE-2023-27992 –

  • NAS326 (V5.21(AAZF.13)C0 and earlier, patched in V5.21(AAZF.14)C0),
  • NAS540 (V5.21(AATB.10)C0 and earlier, patched in V5.21(AATB.11)C0), and
  • NAS542 (V5.21(ABAG.10)C0 and earlier, patched in V5.21(ABAG.11)C0)

The alert comes two weeks after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two flaws in Zyxel firewalls (CVE-2023-33009 and CVE-2023-33010) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

With Zyxel devices becoming an attack magnet for threat actors, it’s imperative that customers apply the fixes as soon as possible to prevent potential risks.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Apple and Google wallets want to help make the hotel room key card obsolete
French Authorities Charge Telegram CEO Pavel Durov in Probe Into Organised Crime on App
Realme 13 Pro+ 5G Monet Purple Colour Variant Launched in India: Availability, Offers
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
Brazil’s top court orders nationwide suspension of Elon Musk’s X

Leave a Reply

Your email address will not be published. Required fields are marked *