Noam Zhitomirsky

**Name of the Vulnerable Software and Affected Versions** Zyxel NAS326 versions prior to V5.21(AAZF.13)C0 Zyxel NAS540 (affected versions not specified) Zyxel NAS542 (affected versions not specified) **Description** The issue is related to a command injection vulnerability. It may allow a remote attacker with administrator privileges to execute arbitrary operating system commands on an affected device by sending a specially crafted HTTP request. **Recommendations** For Zyxel NAS326 versions prior to V5.21(AAZF.13)C0, update to version V5.21(AAZF.13)C0 or later. For Zyxel NAS540 and Zyxel NAS542, at the moment, there is no information about a newer version that contains a fix for this vulnerability.