Zyxel Releases Security Update

Summary

Update addresses a Critical vulnerability in several Network Attached Storage (NAS) devices


Threat details

Introduction

Zyxel has released a security update to address a Critical vulnerability in NAS326, NAS540, and NAS542 network attached storage (NAS) devices. The vulnerability, known as CVE-2023-27992, has a CVSSv3 score of 9.8 and is a pre-authentication command injection vulnerability. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted HTTP request, which could allow them to execute operating system (OS) commands.

Exploitation in the wild for CVE-2023-27992

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-27992 to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation in the wild.


Threat updates

Date: 26 Jun 2023
Update: Exploitation in the wild for CVE-2023-27992

This cyber alert has been updated to reflect this change.


Remediation advice

Affected organisations are encouraged to review Zyxel's security advisory and apply relevant updates and mitigations.



Last edited: 26 June 2023 1:10 pm