PT-2022-4660 · Zyxel · Zyxel Nas542+2

Published

2022-09-05

·

Updated

2022-09-08

·

CVE-2022-34747

CVSS v3.1

10

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0
Zyxel NAS540 firmware versions prior to V5.21(AAZF.12)C0
Zyxel NAS542 firmware versions prior to V5.21(AAZF.12)C0

Description

A format string vulnerability could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. The vulnerability may be exploited to bypass user authentication, elevate privileges, or circumvent other restrictive conditions, potentially leading to data theft, data deletion, or the deployment of ransomware on internet-accessible NAS devices.

Recommendations

For Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0, update to V5.21(AAZF.12)C0 or later.
For Zyxel NAS540 firmware versions prior to V5.21(AAZF.12)C0, update to V5.21(AAZF.12)C0 or later.
For Zyxel NAS542 firmware versions prior to V5.21(AAZF.12)C0, update to V5.21(AAZF.12)C0 or later.
As a temporary workaround, consider restricting access to the vulnerable UDP packet handling functionality until a patch is available.
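To illustrate the weakness class behind this advisory (CWE-134, an externally controlled format string reached from a UDP datagram), the following added example shows the defect pattern beside a hardened handler and a simple detection heuristic. It is constructed for this page and is not Zyxel firmware code; the packet bytes and function names are assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Vulnerable pattern (CWE-134), shown as a comment for contrast only:
 *
 *     void log_datagram_vulnerable(char *out, size_t outsz, const char *payload) {
 *         snprintf(out, outsz, payload);   // payload bytes become the format string
 *     }
 *
 * Any '%' conversion inside the datagram is interpreted by the formatter,
 * which is what turns a logging call into a memory read/write primitive.
 */

/* Hardened: the datagram is always passed as an argument, never as the format.
 * UDP payloads are not NUL-terminated, so the length is bounded explicitly
 * with "%.*s". Returns the number of characters the formatted line needs. */
int log_datagram_safe(char *out, size_t outsz, const uint8_t *pkt, size_t len) {
    if (len > INT_MAX)
        len = INT_MAX;   /* %.*s takes an int precision */
    /* Note: %.*s still stops at an embedded NUL; hex-encode if that matters. */
    return snprintf(out, outsz, "udp payload: %.*s", (int)len, (const char *)pkt);
}

/* Detection heuristic for logs or an IDS rule: count '%' conversion starts in
 * a datagram destined for the vulnerable service. A literal "%%" is skipped.
 * Legitimate payloads for such a service rarely contain conversion characters. */
size_t count_format_directives(const uint8_t *pkt, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (pkt[i] != '%')
            continue;
        if (i + 1 < len && pkt[i + 1] == '%') {
            i++;             /* "%%" is an escaped percent sign, not a directive */
            continue;
        }
        n++;
    }
    return n;
}

int main(void) {
    /* Constructed datagram: no terminating NUL, two conversion directives. */
    const uint8_t pkt[] = { 'i', 'd', '=', '%', 'x', '%', 'n' };
    char line[64];
    log_datagram_safe(line, sizeof line, pkt, sizeof pkt);
    printf("%s (directives seen: %zu)\n", line, count_format_directives(pkt, sizeof pkt));
    return 0;
}
```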

Fix

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

BDU:2022-05545
CVE-2022-34747

Affected Products

Zyxel Nas326
Zyxel Nas540
Zyxel Nas542