Zyxel NAS Devices Vulnerable to Command Injection Attacks – Update Your Firmware Now!

CVE: CVE-2023-27992
CVSS v3.1: 9.8
Source: CVE-2023-27992

Zyxel NAS devices such as the NAS326, NAS540 and NAS542 are vulnerable to a pre-authentication command injection flaw tracked as CVE-2023-27992.

The vulnerability exists in older firmware versions of these NAS devices and could allow an unauthenticated remote attacker to execute operating system commands on the devices by sending a specially crafted HTTP request.

Command injection attacks work by inserting operating system commands into the input of a program or application. If not sanitized properly, these commands get executed like normal application functions, giving the attacker control.
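The mechanism described above, as an added example that is not Zyxel's code and does not reproduce the CVE-2023-27992 request (the advisory gives no details of it). The `label` parameter, the handler names and the sample values are assumptions made for illustration.

```python
import re
import subprocess

# Constructed sample values for a hypothetical "label" request parameter.
BENIGN = "backup-01"
HOSTILE = "backup-01; echo INJECTED"   # ';' ends one shell command and starts another

SAFE_LABEL = re.compile(r"[A-Za-z0-9_-]{1,64}")


def _run(cmd, shell):
    """Run a command and return its stdout as a list of lines."""
    done = subprocess.run(cmd, shell=shell, capture_output=True, text=True, timeout=5)
    return done.stdout.splitlines()


def handle_vulnerable(label):
    # Weak: request input is concatenated into a string that /bin/sh parses,
    # so shell metacharacters in the input become part of the command line.
    return _run("echo label=" + label, shell=True)


def handle_argv(label):
    # Better: no shell is involved; the input is one argv element and stays data.
    return _run(["echo", "label=" + label], shell=False)


def handle_hardened(label):
    # Best: allowlist the input first, then still avoid the shell.
    if not SAFE_LABEL.fullmatch(label):
        raise ValueError("label contains characters outside the allowlist")
    return handle_argv(label)


if __name__ == "__main__":
    print(handle_vulnerable(HOSTILE))  # two output lines: a second command ran
    print(handle_argv(HOSTILE))        # one output line: the ';' was printed, not executed
    print(handle_hardened(BENIGN))
```

The same input produces two lines of output from the string-built command and one from the argv form, which is the difference between input being parsed as commands and input being treated as data.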

In this case, by sending a malicious HTTP request, an attacker could potentially gain full access to the NAS device without any authentication. They could then delete, modify or steal files stored on it.

The good news is this vulnerability has been patched in newer firmware versions. All Zyxel NAS owners are advised to immediately update their devices to the latest firmware available from the manufacturer. Regularly checking for and applying security updates is one of the best ways to protect yourself from such exploits.

If your Zyxel NAS is exposed to the internet, consider removing direct internet access or using a firewall to filter traffic until you can update the firmware. Taking basic precautions can go a long way in keeping your data and devices secure.
