PT-2023-4004 · Zyxel · Zyxel NAS540 +2
Amit Serper +3
Published: 2023-05-30
Updated: 2023-06-02
CVE-2023-27988
CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Zyxel NAS326 versions prior to V5.21(AAZF.13)C0
Zyxel NAS540 (affected versions not specified)
Zyxel NAS542 (affected versions not specified)
Description
A command injection vulnerability may allow a remote attacker with administrator privileges to execute arbitrary operating system commands on an affected device by sending a specially crafted HTTP request.
Recommendations
For Zyxel NAS326 versions prior to V5.21(AAZF.13)C0, update to version V5.21(AAZF.13)C0 or later.
For Zyxel NAS540 and Zyxel NAS542, there is currently no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Zyxel NAS326
Zyxel NAS540
Zyxel NAS542