top of page
  • Clipeus

Zyxel NAS Device Vulnerabilities

A Zyxel security bulletin issued on 30 November 2023, reports several vulnerabilities affecting Zyxel network-attached storage (NAS) devices, specifically the following models and versions:

  • NAS326, version V5.21(AAZF.14)C0 and earlier

  • NAS542, version V5.21(ABAG.11)C0 and earlier

The vulnerabilities enable an unauthenticated remote attacker to achieve command injection. Commands sent via HTTP POST request or crafted URLs would be executed as operating system commands.


The table below summarizes the specifics for each vulnerability:

Tracking Number

CVSS

Vector and Privilege Required

​7.5

Network; no privilege or user interaction required

9.8

Network; no privilege or user interaction required

​9.8

Network; no privilege or user interaction required

​8.8

Network; no privilege or user interaction required

​9.8

Network; no privilege or user interaction required

​9.8

Network; no privilege or user interaction required




Comments


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page