Warning – Zyxel patches critical format string vulnerability affecting 3 NAS models
Format String Vulnerability
An attacker could exploit CVE-2022-34747 to achieve unauthorized remote code execution (RCE) via a crafted UDP packet. NAS devices are an attractive target for ransomware attackers, both as an initial access vector and because they hold the backups the attackers want to encrypt. Encrypted backups make it harder to recover from a ransomware attack, which pressures the victim into paying the ransom.
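To illustrate the vulnerability class named above, here is a constructed example (not Zyxel's code and not the actual bug in the NAS firmware): a logging wrapper of a shape common in embedded network services, a datagram handler that passes the UDP payload as the format argument, and the hardened form beside it. The `log_msg`, `handle_datagram_*` and `payload_has_format_directives` names are assumptions made for this illustration.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of a format string bug; not Zyxel's code.
 * Without __attribute__((format(printf, 1, 2))) the compiler cannot warn
 * when a caller passes untrusted data as `fmt`, which is how this class of
 * bug survives in firmware logging code. */
static char g_log_buf[256];

static void log_msg(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(g_log_buf, sizeof g_log_buf, fmt, ap);
    va_end(ap);
}

/* Vulnerable handler: the UDP payload itself becomes the format string, so
 * any '%' directives inside it are interpreted by vsnprintf and read from
 * (or, with %n, write to) the stack. Shown only for contrast; not called. */
void handle_datagram_unsafe(const char *payload) {
    log_msg(payload);                  /* BUG: attacker-controlled format */
}

/* Hardened handler: a constant format; the payload is only ever data. */
void handle_datagram_safe(const char *payload) {
    log_msg("udp payload: %s", payload);
}

/* Returns the last formatted log line so callers can inspect it. */
const char *last_log(void) { return g_log_buf; }

/* Detection aid: flag payloads carrying conversion directives so a filter
 * or monitoring rule can raise an alert before the data reaches a logger. */
bool payload_has_format_directives(const char *payload) {
    return strchr(payload, '%') != NULL;
}

int main(void) {
    const char sample[] = "%x%x%x";    /* constructed hostile payload */
    handle_datagram_safe(sample);
    printf("safe log: %s\n", last_log());           /* directives kept literal */
    printf("flagged: %d\n", payload_has_format_directives(sample));
    return 0;
}
```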
On the 6th of September, networking provider Zyxel released a security advisory to warn users of a critical format string vulnerability found in three Zyxel NAS models:
- NAS326 V5.21(AAZF.11)C0 and earlier
- NAS540 V5.21(AATB.8)C0 and earlier
- NAS542 V5.21(ABAG.8)C0 and earlier
The Centre for Cyber Security Belgium recommends that administrators of Zyxel NAS appliances patch vulnerable devices.
The CCB strongly recommends not exposing NAS appliances to the internet. NAS devices should be placed behind a firewall.