Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747with CVSS of 9.8, impacting its NAS devices.
This flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. An attacker can exploit the vulnerability to achieve unauthorized remote code execution via a crafted UDP packet.
Advertisements
A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
Affected Devices
- NAS326
- NAS540
- NAS542
