October 2, 2023

Zyxel has released patches addressing a security flaw, tracked as CVE-2023-27992, a pre-authentication command injection vulnerability in some NAS firmware versions.

The vulnerability, which carries a CVSS score of 9.8 and is described as a pre-authentication command injection flaw in some Zyxel NAS devices, could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.


As per the Zyxel statement: "After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below."

Affected model    Affected version                Patch availability
NAS326            V5.21(AAZF.13)C0 and earlier    V5.21(AAZF.14)C0
NAS540            V5.21(AATB.10)C0 and earlier    V5.21(AATB.11)C0
NAS542            V5.21(ABAG.10)C0 and earlier    V5.21(ABAG.11)C0

There is currently no indication that CVE-2023-27992 is being actively exploited. Because Zyxel lists no workarounds or mitigations, administrators and owners of the NAS models listed above are advised to upgrade to the patched firmware version as soon as possible.
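To turn the patch table into something an administrator can run against a device inventory, here is an added example (written for this page, not Zyxel's code or tooling) that parses Zyxel-style firmware strings such as V5.21(AAZF.13)C0 and reports whether a given model is still on an affected build. It assumes that the build number inside the parentheses increases monotonically within a firmware line, that the four-letter code (AAZF, AATB, ABAG) identifies the hardware platform, and that a version sorts by (major, minor, build, revision); the inventory entries at the bottom are constructed sample data.

```python
import re
from typing import NamedTuple

# Advisory table from the post: model -> (last affected version, first patched version)
ADVISORY = {
    "NAS326": ("V5.21(AAZF.13)C0", "V5.21(AAZF.14)C0"),
    "NAS540": ("V5.21(AATB.10)C0", "V5.21(AATB.11)C0"),
    "NAS542": ("V5.21(ABAG.10)C0", "V5.21(ABAG.11)C0"),
}

# Assumed layout of a Zyxel NAS firmware string: V<major>.<minor>(<platform>.<build>)C<revision>
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


class FirmwareVersion(NamedTuple):
    major: int
    minor: int
    platform: str
    build: int
    revision: int

    def key(self):
        # Ordering key; the platform code is not part of the ordering (assumption)
        return (self.major, self.minor, self.build, self.revision)


def parse_version(text: str) -> FirmwareVersion:
    """Parse a firmware string; raise ValueError on anything that does not match the layout."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    major, minor, platform, build, revision = m.groups()
    return FirmwareVersion(int(major), int(minor), platform, int(build), int(revision))


def assess(model: str, installed: str) -> dict:
    """Classify one device as vulnerable, patched, unknown or not-listed for CVE-2023-27992."""
    model = model.strip().upper()
    if model not in ADVISORY:
        return {"model": model, "installed": installed, "status": "not-listed",
                "action": "not covered by this advisory"}
    last_affected_str, first_patched_str = ADVISORY[model]
    last_affected = parse_version(last_affected_str)
    inst = parse_version(installed)
    if inst.platform != last_affected.platform:
        # Platform code does not match the model's firmware line; refuse to guess
        return {"model": model, "installed": installed, "status": "unknown",
                "action": "verify model/firmware pairing before deciding"}
    if inst.key() <= last_affected.key():
        return {"model": model, "installed": installed, "status": "vulnerable",
                "action": f"upgrade to {first_patched_str} or later"}
    return {"model": model, "installed": installed, "status": "patched", "action": "none"}


def triage_inventory(entries):
    """Run assess() over (model, firmware) pairs and return results plus a status count."""
    results = [assess(model, fw) for model, fw in entries]
    summary = {}
    for r in results:
        summary[r["status"]] = summary.get(r["status"], 0) + 1
    return results, summary


# Constructed sample inventory (not real devices)
SAMPLE_INVENTORY = [
    ("NAS326", "V5.21(AAZF.13)C0"),   # last affected build -> vulnerable
    ("NAS326", "V5.21(AAZF.14)C0"),   # first patched build -> patched
    ("NAS540", "V5.20(AATB.8)C0"),    # older line -> vulnerable
    ("NAS542", "V5.21(ABAG.12)C0"),   # newer than patch -> patched
    ("NAS542", "V5.21(AAZF.10)C0"),   # platform code mismatch -> unknown
    ("NAS520", "V5.21(AASZ.9)C0"),    # model not in the advisory -> not-listed
]

if __name__ == "__main__":
    results, summary = triage_inventory(SAMPLE_INVENTORY)
    for r in results:
        print(f"{r['model']:<8}{r['installed']:<20}{r['status']:<12}{r['action']}")
    print(summary)
```

Feeding real inventory data into `triage_inventory` is just a matter of replacing `SAMPLE_INVENTORY` with (model, firmware) pairs exported from your asset system; the "unknown" branch exists so that a firmware string from the wrong platform is flagged for a human rather than silently marked safe.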
