Zyxel Addresses Critical Vulnerability in NAS Devices

June 20, 2023

Zyxel has recently released security updates to tackle a critical security flaw, identified as CVE-2023-27992 (CVSS score: 9.8), which affects its network-attached storage (NAS) devices. This vulnerability is a pre-authentication command injection issue affecting the firmware versions of Zyxel NAS326, NAS540, and NAS542 prior to V5.21(AAZF.14)C0, V5.21(AATB.11)C0, and V5.21(ABAG.11)C0, respectively. The flaw allows a remote, unauthenticated attacker to execute certain operating system (OS) commands by sending a specially crafted HTTP request.

According to Zyxel's advisory, “The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.” The vulnerability was brought to light by Andrej Zaujec, NCSC-FI, and Maxim Suslov.
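The affected-version thresholds above are what a defender needs for an inventory check. The following is an added example, not Zyxel's code or tooling: it parses Zyxel's firmware version string format (V<major>.<minor>(<branch>.<patch>)C<release>) and flags NAS326/NAS540/NAS542 devices running firmware below the fixed builds. The ordering rule (major.minor, then patch, then C-release) and the sample inventory are assumptions constructed for the example.

```python
import re
from typing import NamedTuple, Optional

# Fixed firmware versions for CVE-2023-27992, per model, as listed in the advisory.
FIXED_VERSIONS = {
    "NAS326": "V5.21(AAZF.14)C0",
    "NAS540": "V5.21(AATB.11)C0",
    "NAS542": "V5.21(ABAG.11)C0",
}

# Zyxel NAS firmware strings look like V5.21(AAZF.14)C0.
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


class FirmwareVersion(NamedTuple):
    major: int
    minor: int
    branch: str   # model-specific branch code, e.g. AAZF for NAS326
    patch: int
    release: int

    def key(self):
        # Assumption: versions order by major.minor, then patch, then C-release.
        return (self.major, self.minor, self.patch, self.release)


def parse_version(text: str) -> FirmwareVersion:
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zyxel firmware version string: {text!r}")
    major, minor, branch, patch, release = m.groups()
    return FirmwareVersion(int(major), int(minor), branch, int(patch), int(release))


def is_vulnerable(model: str, version: str) -> Optional[bool]:
    """True if firmware is below the fixed build, False if at/above it,
    None if the model is not one of the three affected NAS models."""
    fixed = FIXED_VERSIONS.get(model.upper())
    if fixed is None:
        return None
    have, want = parse_version(version), parse_version(fixed)
    if have.branch != want.branch:
        raise ValueError(f"branch {have.branch} does not belong to {model} firmware")
    return have.key() < want.key()


def triage(inventory):
    """Constructed inventory rows: (hostname, model, firmware) -> rows needing patching."""
    return [row for row in inventory if is_vulnerable(row[1], row[2])]


if __name__ == "__main__":
    # Constructed sample data, not real devices.
    sample = [("nas-a", "NAS326", "V5.21(AAZF.13)C0"),
              ("nas-b", "NAS542", "V5.21(ABAG.11)C0")]
    for host, model, fw in triage(sample):
        print(f"PATCH NEEDED: {host} ({model}) on {fw}")
```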

In early June, Zyxel provided guidance on how to safeguard firewall and VPN devices from ongoing attacks that exploited the vulnerabilities CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010. Threat actors have been actively trying to exploit the command injection vulnerability CVE-2023-28771, which affects Zyxel firewalls, with the aim of deploying malware on the compromised systems. The US CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.

In late April, Zyxel addressed the critical vulnerability CVE-2023-28771 (CVSS score: 9.8) in its firewall devices and urged customers to install the provided patches to mitigate the risk. This vulnerability was being actively exploited to enlist vulnerable devices in a Mirai-like botnet. The other two vulnerabilities, CVE-2023-33009 and CVE-2023-33010, are critical buffer overflow vulnerabilities that a remote, unauthenticated attacker can trigger to cause a denial-of-service (DoS) condition or achieve remote code execution on vulnerable devices. Zyxel has stated that devices under attack become unresponsive, with their Web GUI or SSH management interface becoming unreachable.
