Zyxel Has Released Patches Addressing a Pre-Authentication Command Injection Vulnerability in Some NAS Versions
CVE-2023-27992
Sources
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products
https://nvd.nist.gov/vuln/detail/CVE-2023-27992
Risks
Successful exploitation of the critical vulnerability allows an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
Description
CVE-2023-27992 is a pre-authentication command injection vulnerability in some NAS (Network Attached Storage) devices.
Affected products:
- NAS326, version V5.21(AAZF.13)C0 and earlier
- NAS540, version V5.21(AATB.10)C0 and earlier
- NAS542, version V5.21(ABAG.10)C0 and earlier
The flaw was discovered by Andrej Zaujec, NCSC-FI, and Maxim Suslov and has received a CVSS v3 score of 9.8.
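As an added worked example (not part of the CERT.be or Zyxel advisory), the following Python script turns the affected-version list above into an inventory check: it parses Zyxel's firmware version strings and flags devices whose firmware is at or below the last affected version for their model. The regular expression for the version format, the assumption that "and earlier" means a lower (major, minor, patch, revision) tuple, and the sample inventory are mine, not Zyxel's; the build code in parentheses (e.g. AAZF) is assumed to be model-specific, so a mismatch is treated as an input error rather than compared.

```python
import re
from typing import Iterable, NamedTuple, Optional

# Last affected firmware per model, taken from the advisory text above.
# Everything at or below these versions is affected.
LAST_AFFECTED = {
    "NAS326": "V5.21(AAZF.13)C0",
    "NAS540": "V5.21(AATB.10)C0",
    "NAS542": "V5.21(ABAG.10)C0",
}

# Assumed pattern for Zyxel NAS firmware strings: V<major>.<minor>(<build code>.<patch>)C<revision>
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


class FirmwareVersion(NamedTuple):
    major: int
    minor: int
    build_code: str
    patch: int
    revision: int

    def ordering_key(self) -> tuple:
        # Assumption: versions order by major, minor, patch, then revision.
        return (self.major, self.minor, self.patch, self.revision)


def parse_version(text: str) -> FirmwareVersion:
    """Parse a Zyxel firmware string such as 'V5.21(AAZF.13)C0'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zyxel firmware version string: {text!r}")
    major, minor, code, patch, rev = m.groups()
    return FirmwareVersion(int(major), int(minor), code, int(patch), int(rev))


def is_affected(model: str, version_text: str) -> Optional[bool]:
    """True if the firmware is at or below the last affected version for the
    model, False if it is newer, None if the model is not in the advisory."""
    threshold_text = LAST_AFFECTED.get(model.strip().upper())
    if threshold_text is None:
        return None
    threshold = parse_version(threshold_text)
    current = parse_version(version_text)
    if current.build_code != threshold.build_code:
        # The build code is assumed to identify the model; a mismatch means the
        # wrong model or a wrong firmware string was supplied.
        raise ValueError(
            f"{model}: build code {current.build_code} does not match "
            f"expected {threshold.build_code}"
        )
    return current.ordering_key() <= threshold.ordering_key()


def triage(inventory: Iterable[tuple]) -> list:
    """Map (hostname, model, version) rows to (hostname, status) rows, where
    status is 'AFFECTED', 'NOT_AFFECTED' or 'NOT_LISTED'."""
    result = []
    for hostname, model, version in inventory:
        verdict = is_affected(model, version)
        if verdict is None:
            status = "NOT_LISTED"
        elif verdict:
            status = "AFFECTED"
        else:
            status = "NOT_AFFECTED"
        result.append((hostname, status))
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("nas-hr-01", "NAS326", "V5.21(AAZF.13)C0"),   # last affected version
    ("nas-lab-02", "NAS540", "V5.21(AATB.9)C0"),   # earlier patch level
    ("nas-ops-03", "NAS542", "V5.21(ABAG.11)C0"),  # newer than the threshold
    ("nas-old-04", "NAS520", "V5.21(AASZ.4)C0"),   # model not in the advisory
]

if __name__ == "__main__":
    for hostname, status in triage(SAMPLE_INVENTORY):
        print(f"{hostname:<12} {status}")
```

Feed the script your own asset list in place of SAMPLE_INVENTORY; any host reported as AFFECTED should be patched from the Zyxel download pages listed under References, and a NOT_LISTED result only means the model is outside the scope of this advisory, not that it is safe.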
Recommended Actions
To address the vulnerability, Zyxel advises users to apply the patches referenced in its advisory; the firmware download pages are listed under References below.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products
https://nvd.nist.gov/vuln/detail/CVE-2023-27992
https://www.zyxel.com/global/en/support/download?model=nas326
https://www.zyxel.com/global/en/support/download?model=nas540