Zyxel has recently released patches for a critical pre-authentication command injection vulnerability, tracked as CVE-2023-27992, in certain Network Attached Storage (NAS) firmware versions. If exploited, the vulnerability could allow an unauthenticated attacker to remotely execute operating system (OS) commands by sending a specially crafted HTTP request. Users are strongly advised to install the provided patches promptly.
The affected Zyxel NAS models include NAS326 (up to version V5.21(AAZF.13)C0), NAS540 (up to version V5.21(AATB.10)C0), and NAS542 (up to version V5.21(ABAG.10)C0). Users of these NAS devices should take immediate action to update their firmware to the patched versions – V5.21(AAZF.14)C0, V5.21(AATB.11)C0, and V5.21(ABAG.11)C0 respectively.
Updating protects the integrity and security of the NAS and prevents unauthorized remote command execution. In summary, Zyxel has responded to CVE-2023-27992 with timely patches for the affected NAS models, and users should apply the firmware updates promptly to reduce the risk of exploitation.