Zyxel Releases Security Update

Security update addresses a post-authentication command injection vulnerability in Zyxel NAS products

Threat ID:: CC-4325
Threat Severity:: Information only
Published:: 1 June 2023 1:12 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update addresses a post-authentication command injection vulnerability in Zyxel NAS products

Affected platforms

The following platforms are known to be affected:

Zyxel NAS326

Zyxel NAS540

Zyxel NAS542

Threat details

Introduction

Zyxel has released security updates to address a post-authentication command injection vulnerability in Zyxel NAS products. The vulnerability known as CVE-2023-27988 could allow an authenticated remote attacker with administrator privileges to execute some operating system (OS) commands on an affected system.

Remediation advice

Affected organisations are encouraged to review Zyxel's security advisory for CVE-2023-27988 and apply the relevant updates.

Definitive source of threat updates

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products

CVE Vulnerabilities

Status Published

CVE-2023-27988

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.

Last edited: 1 June 2023 1:12 pm