Maxwell Dulin

**Name of the Vulnerable Software and Affected Versions** Zyxel NAS 326 versions through 5.21 **Description** A plaintext password issue allows an elevated privileged user to obtain the admin password of the device. **Recommendations** For versions through 5.21, update to a version that contains a fix for this issue to prevent elevated privileged users from accessing the admin password.

**Name of the Vulnerable Software and Affected Versions** Zyxel NAS 326 versions 5.21 and below **Description** The issue allows an authenticated attacker to execute arbitrary code via multiple different requests due to Shell Metacharacter Injection in the package installer. **Recommendations** For Zyxel NAS 326 versions 5.21 and below, update to a version above 5.21 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zyxel NAS 326 versions 5.21 and below **Description** A directory traversal issue in the file browser component allows a lower privileged user to change the location of any other user's files. **Recommendations** For Zyxel NAS 326 versions 5.21 and below, update to a version above 5.21 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zyxel NAS 326 versions 5.21 and below **Description** The issue is related to an eval injection vulnerability in the Python web server routing. This allows a remote authenticated attacker to execute arbitrary code via the "tjp6jp6y4", "simZysh", and "ck6fup6" APIs. **Recommendations** For Zyxel NAS 326 versions 5.21 and below, consider disabling access to the "tjp6jp6y4", "simZysh", and "ck6fup6" APIs until a patch is available. Restrict access to the Python web server routing to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zyxel NAS 326 versions 5.21 and below **Description** The issue allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the `user`, `group`, and `file-share description` fields. This can lead to cross-site scripting (XSS) attacks. **Recommendations** For Zyxel NAS 326 versions 5.21 and below, update to a version above 5.21 to resolve the issue. As a temporary workaround, consider restricting access to the user, group, and file-share description fields to minimize the risk of exploitation. Avoid using these fields until the issue is resolved.