Zyxel, a prominent provider of network solutions, has recently issued a security bulletin warning users of multiple critical vulnerabilities in its network-attached storage (NAS) devices. The vulnerabilities affect specific models, including NAS326 and NAS542, and could allow unauthenticated attackers to execute operating system commands and gain unauthorized access. The identified flaws include improper authentication, command injection, and vulnerabilities in CGI programs, which put users’ stored data and system integrity at significant risk. The affected Zyxel NAS devices serve a wide array of users, from small to medium-sized businesses that rely on centralized data storage to professionals in IT and creative industries who work with extensive files.
The vulnerabilities carry critical-severity scores and expose the devices to unauthorized access, execution of operating system commands, and potential data breaches. Zyxel has recommended immediate firmware updates for NAS326 and NAS542 users, advising the installation of V5.21(AAZF.15)C0 or later for NAS326 and V5.21(ABAG.12)C0 or later for NAS542 to patch the identified security flaws. Threat actors could exploit the vulnerabilities to compromise the confidentiality and integrity of stored data, a significant risk for the businesses and professionals who rely on these Zyxel NAS devices. The urgency of the firmware updates reflects the severity of the flaws and the importance of safeguarding network infrastructure against cyber threats.
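To act on the firmware guidance above, the following added example (not Zyxel code and not part of the original article) checks an inventory of devices against the two patched versions quoted. It assumes the version string has the layout V<major>.<minor>(<model code>.<patch level>)C<n> and that the patch level increases numerically; the function names and the sample inventory are hypothetical.

```python
import re

# Minimum patched firmware per model, taken from the advisory text above.
PATCHED = {
    "NAS326": "V5.21(AAZF.15)C0",
    "NAS542": "V5.21(ABAG.12)C0",
}

# Assumed layout: V<major>.<minor>(<4-letter model code>.<patch level>)C<n>
FW_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C\d+$")


def parse_firmware(version):
    """Split a firmware string into (model_code, (major, minor, patch))."""
    m = FW_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognized firmware string: {version!r}")
    major, minor, code, patch = m.groups()
    return code, (int(major), int(minor), int(patch))


def check_device(model, installed):
    """Return 'patched', 'needs-update' or 'review' for one device."""
    if model not in PATCHED:
        return "review"  # model not covered by the versions quoted above
    want_code, want = parse_firmware(PATCHED[model])
    try:
        code, have = parse_firmware(installed)
    except ValueError:
        return "review"  # unparseable string: check the device by hand
    if code != want_code:
        return "review"  # firmware code does not match the stated model
    # Compare as integers so that patch level 9 sorts below 12.
    return "patched" if have >= want else "needs-update"


def audit(inventory):
    """Map each host to its status; inventory rows are (host, model, firmware)."""
    return {host: check_device(model, fw) for host, model, fw in inventory}


# Constructed sample inventory (hosts and installed versions are made up).
SAMPLE = [
    ("nas-a", "NAS326", "V5.21(AAZF.14)C0"),
    ("nas-b", "NAS326", "V5.21(AAZF.15)C0"),
    ("nas-c", "NAS542", "V5.21(ABAG.9)C0"),
    ("nas-d", "NAS542", "V5.21(AAZF.16)C0"),
    ("nas-e", "NAS542", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as "review" have a model, firmware code or version string the check cannot match to the quoted versions and should be verified manually.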