CVE-2023-4474

Name of the Vulnerable Software and Affected Versions Zyxel NAS326 version V5.21(AAZF.14)C0 Zyxel NAS542 version V5.21(ABAG.11)C0

Description The issue arises from the improper neutralization of special elements in the WSGI server, allowing an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device. This could enable a remote attacker to execute arbitrary OS commands.

Recommendations For Zyxel NAS326 version V5.21(AAZF.14)C0, consider disabling the WSGI server until a patch is available. For Zyxel NAS542 version V5.21(ABAG.11)C0, consider disabling the WSGI server until a patch is available. As a temporary workaround, avoid using the vulnerable WSGI server functionality until the issue is resolved.