December 9, 2023

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747with CVSS of 9.8, impacting its NAS devices.

This flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. An attacker can exploit the vulnerability to achieve unauthorized remote code execution via a crafted UDP packet.

Advertisements

A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

Affected Devices

  • NAS326
  • NAS540
  • NAS542

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d