CVE-2023-4474

🗓️ 30 Nov 2023 01:45:29Reported by ZyxelType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 45 Views

The Zyxel NAS326 and NAS542 firmware V5.21(AAZF.14)C0 and V5.21(ABAG.11)C0 allows OS command execution via crafted UR

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2023-4474	1 Dec 202313:01	–	circl
CNNVD	Zyxel NAS326 Operating System Command Injection Vulnerability	30 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-4474	30 Nov 202301:45	–	cvelist
NVD	CVE-2023-4474	30 Nov 202302:15	–	nvd
OpenVAS	Zyxel NAS Multiple Vulnerabilities (Jun/Nov 2023) - Active Check	7 Aug 202500:00	–	openvas
OSV	CVE-2023-4473	30 Nov 202302:15	–	osv
OSV	CVE-2023-4474	30 Nov 202302:15	–	osv
Prion	Command injection	30 Nov 202302:15	–	prion
Prion	Input validation	30 Nov 202302:15	–	prion
Positive Technologies	PT-2023-7332 · Zyxel · Zyxel Nas326 +1	30 Nov 202300:00	–	ptsecurity

NVD

Node

zyxel nas326_firmwareRange≤5.21(aazf.14)c0

AND

zyxel nas326Match-

Node

zyxel nas542_firmwareRange≤5.21(abag.11)c0

AND

zyxel nas542Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "NAS326 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V5.21(AAZF.14)C0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NAS542 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "V5.21(ABAG.11)C0"
      }
    ]
  }
]

Source	Link
bugprove	www.bugprove.com/knowledge-hub/cve-2023-4473-and-cve-2023-4474-authentication-bypass-and-multiple-blind-os-command-injection-vulnerabilities-in-zyxel-s-nas-326-devices/
zyxel	www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products

21 Nov 2024 08:35Current

9.5High risk

Vulners AI Score9.5

CVSS 3.19.8

EPSS0.13405

SSVC

CWE-78