4 matches found
CVE-2023-37927
creationtimestamp| type| source ---|---|--- 2023-12-01 13:01:05+00:00| seen| https://t.me/truesecator/5152 2023-12-01 17:29:09+00:00| seen| https://t.me/itsecnews/3752...
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Zyxel has released patches to address 15 security issues impacting network-attached storage NAS, firewall, and access point AP devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 CVSS...
CVE-2023-37927
CVE-2023-37927 and CVE-2023-37928 affect Zyxel NAS326 (firmware V5.21(AAZF.14)C0) and NAS542 (V5.21(ABAG.11)C0). The flaws stem from improper neutralization in the CGI/WSGI handling, enabling an authenticated attacker to execute OS commands via crafted URLs. CVE-2023-37927 is described as imprope...
CVE-2023-37927
The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable device...