CVE-2023-37927

Name of the Vulnerable Software and Affected Versions Zyxel NAS326 firmware version V5.21(AAZF.14)C0 Zyxel NAS542 firmware version V5.21(ABAG.11)C0

Description The issue is related to the improper neutralization of special elements in the CGI program of the Zyxel NAS326 and NAS542 firmware. This could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.

Recommendations For Zyxel NAS326 firmware version V5.21(AAZF.14)C0, update the firmware to a version that fixes the issue. For Zyxel NAS542 firmware version V5.21(ABAG.11)C0, update the firmware to a version that fixes the issue. As a temporary workaround, consider restricting access to the CGI program to minimize the risk of exploitation.