Skip to main content
All vulnerabilities
CVE-2023-27992

Zyxel Multiple NAS Devices Command Injection Vulnerability

ZyxelMultiple Network-Attached Storage (NAS) Devices

Added to KEV catalog
23 June 2023
Federal remediation due date
14 July 2023
Weakness classification (CWE)
CWE-78

CISA Description

Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.

Required action

Apply updates per vendor instructions.

Notes

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products; https://nvd.nist.gov/vuln/detail/CVE-2023-27992

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services