PT-2023-8184 · Zyxel · Zyxel Nas542+1

Maxim Suslov · Published 2023-11-30 · Updated 2023-12-05 · CVE-2023-35137

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zyxel NAS326 version V5.21(AAZF.14)C0
Zyxel NAS542 version V5.21(ABAG.11)C0

Description

The issue is related to an improper authentication vulnerability in the authentication module of the Zyxel NAS326 and NAS542 firmware. This vulnerability could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device. The vulnerability is associated with deficiencies in the authentication procedure, which can be exploited to gain unauthorized access to the device.

Recommendations

For Zyxel NAS326 version V5.21(AAZF.14)C0, consider disabling the authentication module until a patch is available. For Zyxel NAS542 version V5.21(ABAG.11)C0, restrict access to the device to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable firmware versions until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2024-00172
CVE-2023-35137

Affected Products

Zyxel Nas326
Zyxel Nas542