PT-2019-11950 · Zyxel · Zyxel Nas326

Maxwell Dulin

·

Published

2019-04-09

·

Updated

2020-08-24

·

CVE-2019-10631

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Zyxel NAS 326 versions 5.21 and below
Description The issue allows an authenticated attacker to execute arbitrary code via multiple different requests due to Shell Metacharacter Injection in the package installer.
Recommendations For Zyxel NAS 326 versions 5.21 and below, update to a version above 5.21 to resolve the issue.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2019-10631

Affected Products

Zyxel Nas326