Lucene search

K

NAS540 Firmware Security Vulnerabilities

cve
cve

CVE-2023-27992

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating...

9.8CVSS

9.7AI Score

0.018EPSS

2023-06-19 12:15 PM
357
In Wild
cve
cve

CVE-2023-27988

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device...

7.2CVSS

7.2AI Score

0.001EPSS

2023-05-30 02:15 AM
27
cve
cve

CVE-2020-13364

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310...

8.8CVSS

8.5AI Score

0.001EPSS

2020-08-06 05:15 PM
29
cve
cve

CVE-2020-13365

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542...

8.8CVSS

8.6AI Score

0.001EPSS

2020-08-06 05:15 PM
30
cve
cve

CVE-2020-9054

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using...

9.8CVSS

10AI Score

0.968EPSS

2020-03-04 08:15 PM
1046
In Wild