- Home
- Alerts & Advisories
- Alerts
- Critical Vulnerability in Zyxel Network Attached Storage (NAS) Products
Critical Vulnerability in Zyxel Network Attached Storage (NAS) Products
21 June 2023
Zyxel has released security updates to address a critical vulnerability (CVE-2023-27992) in their Network Attached Storage (NAS) products. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
Successful exploitation of the pre-authentication command injection vulnerability could allow a remote unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
The vulnerability affects the following product versions:
NAS326 versions 5.21(AAZF.13)C0 and earlier
NAS540 versions 5.21(AATB.10)C0 and earlier
NAS542 versions 5.21(ABAG.10)C0 and earlier
Users and administrators of affected product versions are advised to update to the latest versions immediately.
More information is available here: