Zyxel Addresses Critical Vulnerability in NAS Devices
June 20, 2023
Zyxel has recently released security updates to tackle a critical security flaw, identified as CVE-2023-27992 (CVSS score: 9.8), which affects its network-attached storage (NAS) devices. This vulnerability is a pre-authentication command injection issue affecting the firmware versions of Zyxel NAS326, NAS540, and NAS542 prior to V5.21(AAZF.14)C0, V5.21(AATB.11)C0, and V5.21(ABAG.11)C0, respectively. The flaw allows a remote, unauthenticated attacker to execute certain operating system (OS) commands by sending a specially crafted HTTP request.
According to Zyxel's advisory, “The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.” The vulnerability was brought to light by Andrej Zaujec, NCSC-FI, and Maxim Suslov.
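The following is an added example, not code from Zyxel or the original article: a Python check that classifies a device inventory against the fixed firmware versions for CVE-2023-27992 named above. The version-string layout, the field ordering used for comparison, and the inventory entries are assumptions constructed for illustration.

```python
import re

# Fixed firmware per model for CVE-2023-27992, as listed in the article.
FIXED = {
    "NAS326": "V5.21(AAZF.14)C0",
    "NAS540": "V5.21(AATB.11)C0",
    "NAS542": "V5.21(ABAG.11)C0",
}

# Assumed layout: V<major>.<minor>(<model code>.<patch>)C<release>
FW_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)$")

def parse_fw(text):
    """Return (model_code, numeric tuple) so 'AAZF.9' sorts below 'AAZF.14'."""
    m = FW_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, patch, rel = m.groups()
    return code, (int(major), int(minor), int(patch), int(rel))

def assess(model, firmware):
    """Classify a device: 'patched', 'vulnerable', 'not-listed' or 'unknown'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"   # model is not one of the three named in the article
    try:
        code, have = parse_fw(firmware)
    except ValueError:
        return "unknown"      # unparseable: verify by hand, never assume patched
    fixed_code, need = parse_fw(fixed)
    if code != fixed_code:
        return "unknown"      # firmware code does not match the stated model
    return "patched" if have >= need else "vulnerable"

# Constructed inventory (hostnames and installed versions are made up).
INVENTORY = [
    ("nas-a", "NAS326", "V5.21(AAZF.13)C0"),
    ("nas-b", "NAS540", "V5.21(AATB.11)C0"),
    ("nas-c", "NAS542", "v5.21(abag.9)c0"),
    ("nas-d", "NAS542", "5.21 build 11"),
    ("nas-e", "NAS520", "V5.21(AASZ.5)C0"),
]

def report(inventory=INVENTORY):
    return {host: assess(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    print(report())
```

Devices reported as `unknown` or `not-listed` still need a manual check against Zyxel's advisory; neither result means the device is unaffected.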
In early June, Zyxel provided guidance on how to safeguard firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010. Threat actors have been actively trying to exploit the command injection vulnerability CVE-2023-28771, which affects Zyxel firewalls, to install malware on compromised systems. The US CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
In late April, Zyxel addressed the critical vulnerability CVE-2023-28771 (CVSS score 9.8) in its firewall devices and urged customers to install the provided patches to mitigate the risk. This vulnerability was being actively exploited to enlist vulnerable devices in a Mirai-like botnet. The other two vulnerabilities, CVE-2023-33009 and CVE-2023-33010, are critical buffer overflow vulnerabilities that can be triggered by a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution on vulnerable devices. Zyxel has stated that devices under attack become unresponsive and their Web GUI or SSH management interface becomes unreachable.