Zyxel Multiple NAS Devices Command Injection Vulnerability
Zyxel — Multiple Network-Attached Storage (NAS) Devices
- Added to KEV catalog
- 23 June 2023
- Federal remediation due date
- 14 July 2023
- Weakness classification (CWE)
- CWE-78
CISA Description
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.
Required action
Apply updates per vendor instructions.
Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products; https://nvd.nist.gov/vuln/detail/CVE-2023-27992
More Zyxel Vulnerabilities
Zyxel DSL CPE OS Command Injection Vulnerability
Zyxel DSL CPE OS Command Injection Vulnerability
Zyxel Multiple Firewalls Path Traversal Vulnerability
Zyxel EMG2926 Routers Command Injection Vulnerability
Zyxel P660HN-T1A Routers Command Injection Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services