June 20, 2023 | Ravi Lakshmanan | Vulnerability / Data Security

Zyxel has released a security update to address a critical security flaw in its Network Attached Storage (NAS) devices that could allow the execution of arbitrary commands on affected systems.

Tracked as CVE-2023-27992 (CVSS score: 9.8), the issue is described as a pre-authentication command injection vulnerability.

“A pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to remotely execute some operating system (OS) commands by sending crafted HTTP requests,” Zyxel said in an advisory published today.

Andrej Zaujec, NCSC-FI, and Maxim Suslov are credited with discovering and reporting this flaw. The following versions are affected by CVE-2023-27992:

  • NAS326 (before V5.21(AAZF.13)C0, patched in V5.21(AAZF.14)C0),
  • NAS540 (before V5.21(AATB.10)C0, patched in V5.21(AATB.11)C0), and
  • NAS542 (before V5.21(ABAG.10)C0, patched in V5.21(ABAG.11)C0)
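For inventory triage, the following added example (not Zyxel's or the article's code) classifies devices against the patched releases listed above. It assumes firmware strings follow the `V<major>.<minor>(<code>.<build>)C<revision>` layout seen in that list and that builds are ordered numerically; the hostnames and inventory rows are constructed.

```python
import re

# Patched firmware releases per model, taken from the list above.
PATCHED = {
    "NAS326": "V5.21(AAZF.14)C0",
    "NAS540": "V5.21(AATB.11)C0",
    "NAS542": "V5.21(ABAG.11)C0",
}

# Assumed layout: V<major>.<minor>(<model code>.<build>)C<revision>
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


def parse_version(text):
    """Return (model_code, numeric_key); raise ValueError on malformed input."""
    m = VERSION_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, build, rev = m.groups()
    # Integers, not strings: as text, build "9" would sort after "11".
    return code, (int(major), int(minor), int(build), int(rev))


def assess(model, firmware):
    """Classify a device: patched, vulnerable, mismatch or unknown-model."""
    patched = PATCHED.get(model.strip().upper())
    if patched is None:
        return "unknown-model"  # model is not in the list above
    want_code, want_key = parse_version(patched)
    have_code, have_key = parse_version(firmware)
    if have_code != want_code:
        # Firmware code belongs to another model: the inventory row is wrong.
        return "mismatch"
    return "patched" if have_key >= want_key else "vulnerable"


# Constructed inventory rows: (hostname, model, reported firmware).
INVENTORY = [
    ("nas-a", "NAS326", "V5.21(AAZF.13)C0"),
    ("nas-b", "NAS540", "V5.21(AATB.11)C0"),
    ("nas-c", "NAS542", "V5.21(ABAG.9)C0"),
    ("nas-d", "NAS326", "V5.21(AATB.11)C0"),
]


def audit(rows):
    """Map each hostname to its classification."""
    return {host: assess(model, fw) for host, model, fw in rows}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```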

The alert comes two weeks after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it had added two flaws in Zyxel firewalls (CVE-2023-33009 and CVE-2023-33010) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

With Zyxel devices being targeted by threat actors, it is imperative that customers apply patches as soon as possible to prevent potential risks.
