Zyxel Patches Critical RCE Vulnerability Affecting NAS Devices

June 21, 2023

Zyxel released a security advisory addressing critical vulnerability affecting its network-attached storage (NAS) devices which might result in remote code execution (RCE).

The Vulnerability

  • CVE-2023-27992 (CVSS:3.1 – 9.8, Critical) – RCE vulnerability in Zyxel NAS different versions. An unauthenticated threat actor could exploit this vulnerability by remotely executing certain operating system (OS) commands through a crafted HTTP request.

Vulnerable Versions

  • NAS326 (V5.21(AAZF.13)C0 and earlier.
  • NAS540 (V5.21(AATB.10)C0 and earlier.
  • NAS542 (V5.21(ABAG.10)C0 and earlier


CYREBRO recommends to update all affected products to the latest firmware versions.

References: Zyxel Advisory

Sign Up for Updates