An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.
CPE | Name | Operator | Version |
---|---|---|---|
nas326_firmware | le | 5.21 |