June 21, 2023
Zyxel released a security advisory addressing critical vulnerability affecting its network-attached storage (NAS) devices which might result in remote code execution (RCE).
- CVE-2023-27992 (CVSS:3.1 – 9.8, Critical) – RCE vulnerability in Zyxel NAS different versions. An unauthenticated threat actor could exploit this vulnerability by remotely executing certain operating system (OS) commands through a crafted HTTP request.
- NAS326 (V5.21(AAZF.13)C0 and earlier.
- NAS540 (V5.21(AATB.10)C0 and earlier.
- NAS542 (V5.21(ABAG.10)C0 and earlier
CYREBRO recommends to update all affected products to the latest firmware versions.
References: Zyxel Advisory