CVE-2023-27988

Name of the Vulnerable Software and Affected Versions Zyxel NAS326 versions prior to V5.21(AAZF.13)C0 Zyxel NAS540 (affected versions not specified) Zyxel NAS542 (affected versions not specified)

Description The issue is related to a command injection vulnerability. It may allow a remote attacker with administrator privileges to execute arbitrary operating system commands on an affected device by sending a specially crafted HTTP request.

Recommendations For Zyxel NAS326 versions prior to V5.21(AAZF.13)C0, update to version V5.21(AAZF.13)C0 or later. For Zyxel NAS540 and Zyxel NAS542, at the moment, there is no information about a newer version that contains a fix for this vulnerability.