Zyxel · Zyxel USG FLEX Series · CVE-2024-6343
**Name of the Vulnerable Software and Affected Versions**
Zyxel ATP series versions V4.32 through V5.38
Zyxel USG FLEX series versions V4.50 through V5.38
Zyxel USG FLEX 50(W) series versions V4.16 through V5.38
Zyxel USG20(W)-VPN series versions V4.16 through V5.38
**Description**
A buffer overflow vulnerability in the CGI program of the affected firmware could allow an authenticated attacker with administrator privileges to cause a denial of service (DoS) condition by sending a crafted HTTP request to a vulnerable device. The root cause is a missing size check on input data handled by the CGI program: an over-long field in the request is copied into a fixed-size buffer, corrupting memory and crashing the process. Exploitation is remote over the web management interface but not unauthenticated; the attacker must already hold valid administrator credentials, so the practical impact is loss of availability rather than initial access.
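The following is an added illustration of the bug class the description names (a CGI handler that copies request input into a fixed-size buffer without checking its length), shown next to a checked version that rejects over-long input. It is not Zyxel's code: the parameter name `name`, the 32-byte buffer, the query-string layout and all function names are assumptions for the example.

```c
/* Added illustrative example; NOT Zyxel's CGI code. Demonstrates a missing
 * size check on CGI input (the defect class in the advisory) beside a
 * version that validates length before copying. Buffer size, parameter
 * name and function names are all hypothetical. */
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 32   /* hypothetical fixed buffer size for one parameter */

/* Locate "key=" at a token boundary of a query string. On success, returns a
 * pointer to the value and stores its length (value ends at '&' or at the end
 * of the string); returns NULL if the key is absent. */
static const char *find_param(const char *query, const char *key, size_t *len) {
    size_t klen = strlen(key);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *e = strchr(v, '&');
            *len = e ? (size_t)(e - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');          /* skip to the next "key=value" token */
        if (p) p++;
    }
    return NULL;
}

/* VULNERABLE: copies the value with no bound on its length. A value of
 * VALUE_MAX bytes or more writes past `buf` (stack corruption -> crash/DoS).
 * Shown only to make the defect concrete; never feed it untrusted input. */
int handle_unchecked(const char *query) {
    char buf[VALUE_MAX];
    size_t len;
    const char *v = find_param(query, "name", &len);
    if (!v) return -1;
    memcpy(buf, v, len);             /* no check that len < sizeof buf */
    buf[len] = '\0';
    return (int)strlen(buf);
}

/* FIXED: check the length before copying and reject over-long input with an
 * error (HTTP 400 in a real handler) instead of silently truncating it. */
int handle_checked(const char *query) {
    char buf[VALUE_MAX];
    size_t len;
    const char *v = find_param(query, "name", &len);
    if (!v) return -1;               /* parameter missing */
    if (len >= sizeof buf) return -2; /* would not fit with the NUL terminator */
    memcpy(buf, v, len);
    buf[len] = '\0';
    return (int)strlen(buf);
}

/* Demo helper: builds a constructed query "name=" followed by n 'A' bytes and
 * runs it through the checked handler. */
int checked_with_long_value(size_t n) {
    char query[256];
    if (n > sizeof query - 6) return -3; /* keep the demo query itself in bounds */
    memcpy(query, "name=", 5);
    memset(query + 5, 'A', n);
    query[5 + n] = '\0';
    return handle_checked(query);
}

int main(void) {
    /* 31 bytes fit in a 32-byte buffer; 32 or more are rejected, whereas the
     * unchecked handler would overflow on the same input. */
    printf("31-byte value: %d\n", checked_with_long_value(31));
    printf("32-byte value: %d\n", checked_with_long_value(32));
    printf("100-byte value: %d\n", checked_with_long_value(100));
    return 0;
}
```

The checked handler's `-2` result is where a real CGI program should return an error response; the point of the check is that the decision about fit happens before any byte is written, which is exactly what a missing size check omits.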
**Recommendations**
For all affected products and versions listed above (ATP V4.32 through V5.38, USG FLEX V4.50 through V5.38, USG FLEX 50(W) V4.16 through V5.38, USG20(W)-VPN V4.16 through V5.38), update to the firmware release that Zyxel's advisory for this CVE identifies as fixed.
As a temporary workaround, restrict access to the web management interface (which hosts the affected CGI program) to trusted administrator hosts or the management network, and do not expose it on the WAN. Because exploitation requires administrator credentials, also review admin accounts for unused or weak credentials and rotate any that may be shared; a device already reachable only by trusted admins is exposed mainly to credential theft or insider misuse.